cobaltstrike | 9ba776d21e9c2e5eb6600fec4b36222a1d39649d68a89a5914088fb97e74ed35

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

94485aafbdf3e911cba18471c5f9c96d
SHA1

7ec985e51feacf9b6bf20e1aaeaf2deb435036a2
SHA256

9ba776d21e9c2e5eb6600fec4b36222a1d39649d68a89a5914088fb97e74ed35
SHA512

2dc3f101502095acb8819aaf5d4acbab7b00b6bcbd45b12afed5dad8d73c511512567eb60cb060fa6856f12811a04cea28c03a50f3a55d430252fcb08bb2bf2d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU1:T+q56utgpPF8u/71

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012266-6.dat	cobalt_reflective_dll
behavioral1/files/0x000f00000001866e-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018687-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018c1a-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018c26-26.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000190ce-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944d-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946e-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963a-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019632-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a62-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aff-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019afd-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197aa-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952c-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019630-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ff-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ae-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-55.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001903b-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018f53-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral1/memory/2364-0-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x000c000000012266-6.dat	xmrig
behavioral1/files/0x000f00000001866e-8.dat	xmrig
behavioral1/files/0x0007000000018687-16.dat	xmrig
behavioral1/files/0x0007000000018c1a-21.dat	xmrig
behavioral1/files/0x0007000000018c26-26.dat	xmrig
behavioral1/files/0x00080000000190ce-38.dat	xmrig
behavioral1/files/0x0005000000019397-45.dat	xmrig
behavioral1/files/0x00050000000193a5-50.dat	xmrig
behavioral1/files/0x000500000001944d-75.dat	xmrig
behavioral1/files/0x000500000001945c-85.dat	xmrig
behavioral1/files/0x000500000001946e-95.dat	xmrig
behavioral1/files/0x000500000001963a-136.dat	xmrig
behavioral1/files/0x0005000000019632-131.dat	xmrig
behavioral1/files/0x0005000000019a62-150.dat	xmrig
behavioral1/memory/2364-1943-0x0000000002260000-0x00000000025B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019aff-159.dat	xmrig
behavioral1/files/0x000500000001963b-141.dat	xmrig
behavioral1/files/0x0005000000019afd-155.dat	xmrig
behavioral1/files/0x00050000000197aa-144.dat	xmrig
behavioral1/files/0x000500000001952c-120.dat	xmrig
behavioral1/files/0x0005000000019630-126.dat	xmrig
behavioral1/files/0x00050000000194ff-115.dat	xmrig
behavioral1/files/0x00050000000194df-110.dat	xmrig
behavioral1/files/0x00050000000194c9-105.dat	xmrig
behavioral1/files/0x00050000000194ae-100.dat	xmrig
behavioral1/files/0x000500000001946b-90.dat	xmrig
behavioral1/files/0x0005000000019458-80.dat	xmrig
behavioral1/files/0x0005000000019442-70.dat	xmrig
behavioral1/files/0x0005000000019438-65.dat	xmrig
behavioral1/files/0x0005000000019426-60.dat	xmrig
behavioral1/files/0x0005000000019423-55.dat	xmrig
behavioral1/files/0x000900000001903b-36.dat	xmrig
behavioral1/files/0x0007000000018f53-30.dat	xmrig
behavioral1/memory/2360-1981-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2392-2034-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2364-2172-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/792-2162-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2064-2300-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2252-2372-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2320-2374-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2364-2871-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/792-3818-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2252-3841-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2064-3850-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2392-3790-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2360-3803-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2320-3794-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2360	eveWMcH.exe
2392	XNJgWje.exe
792	dirNnDE.exe
2064	uIIERfW.exe
2252	NYMoOeo.exe
2320	oeHIWiy.exe
2892	lHLLjwY.exe
2928	AMtlyVH.exe
2888	Cnetfah.exe
2880	qNklVYb.exe
2736	NPmipCK.exe
2640	pkHIeSb.exe
2784	bRESKcl.exe
2616	NgqEFhZ.exe
2668	iEnbLOs.exe
320	ZjAmpUN.exe
2176	KLZqQQR.exe
1092	CqBbXDR.exe
2708	nNyyDrx.exe
2820	gmjtisE.exe
1976	XmvdOUn.exe
1028	yprPOaW.exe
1716	OdPmoQj.exe
2032	kSIHmDT.exe
1284	ODrhsFB.exe
2956	lyKJhzH.exe
2204	tDCHwEA.exe
2284	LHpqdcq.exe
2268	fQvaaZk.exe
1360	TcSNSwe.exe
328	VlobHAG.exe
688	zGAYMEW.exe
960	pLgMUOa.exe
664	dCBVdDM.exe
1568	vyMJTib.exe
1732	uhfcsRA.exe
2192	xXuUpew.exe
1124	zwnkIbC.exe
1780	QlOcGoG.exe
3016	aJupjWA.exe
1648	IpzKyMh.exe
1492	DnZDvfm.exe
1920	TlsEFZO.exe
1444	ElQxGQW.exe
3052	irMmwWP.exe
708	zgXrcib.exe
2184	muDRDUK.exe
2572	hwrtHzY.exe
1860	ETKjdnj.exe
1000	dplaafz.exe
268	GjfNUiF.exe
2420	XSiZrhS.exe
3040	LkPChtI.exe
1584	PrcGuaD.exe
3044	IXjyFRR.exe
2348	mhXLovZ.exe
2548	zawBnTz.exe
832	pFctQlh.exe
2060	EjXzavj.exe
2904	ReinqpN.exe
2896	mEvkwim.exe
768	XQbzfsj.exe
2764	bZpGzmC.exe
2648	LMtdugp.exe

Loads dropped DLL 64 IoCs

pid	Process
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 46 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x000c000000012266-6.dat	upx
behavioral1/files/0x000f00000001866e-8.dat	upx
behavioral1/files/0x0007000000018687-16.dat	upx
behavioral1/files/0x0007000000018c1a-21.dat	upx
behavioral1/files/0x0007000000018c26-26.dat	upx
behavioral1/files/0x00080000000190ce-38.dat	upx
behavioral1/files/0x0005000000019397-45.dat	upx
behavioral1/files/0x00050000000193a5-50.dat	upx
behavioral1/files/0x000500000001944d-75.dat	upx
behavioral1/files/0x000500000001945c-85.dat	upx
behavioral1/files/0x000500000001946e-95.dat	upx
behavioral1/files/0x000500000001963a-136.dat	upx
behavioral1/files/0x0005000000019632-131.dat	upx
behavioral1/files/0x0005000000019a62-150.dat	upx
behavioral1/files/0x0005000000019aff-159.dat	upx
behavioral1/files/0x000500000001963b-141.dat	upx
behavioral1/files/0x0005000000019afd-155.dat	upx
behavioral1/files/0x00050000000197aa-144.dat	upx
behavioral1/files/0x000500000001952c-120.dat	upx
behavioral1/files/0x0005000000019630-126.dat	upx
behavioral1/files/0x00050000000194ff-115.dat	upx
behavioral1/files/0x00050000000194df-110.dat	upx
behavioral1/files/0x00050000000194c9-105.dat	upx
behavioral1/files/0x00050000000194ae-100.dat	upx
behavioral1/files/0x000500000001946b-90.dat	upx
behavioral1/files/0x0005000000019458-80.dat	upx
behavioral1/files/0x0005000000019442-70.dat	upx
behavioral1/files/0x0005000000019438-65.dat	upx
behavioral1/files/0x0005000000019426-60.dat	upx
behavioral1/files/0x0005000000019423-55.dat	upx
behavioral1/files/0x000900000001903b-36.dat	upx
behavioral1/files/0x0007000000018f53-30.dat	upx
behavioral1/memory/2360-1981-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2392-2034-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/792-2162-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2064-2300-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2252-2372-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2320-2374-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2364-2871-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/792-3818-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2252-3841-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2064-3850-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2392-3790-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2360-3803-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2320-3794-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ATwVHWz.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDqwDEC.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmObZUM.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkHIeSb.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfdPFGu.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwqRRim.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXHHgdN.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pdyrnDZ.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVRqzyQ.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eiicaMF.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuDmmGu.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOAVive.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JupptCx.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYwRqLh.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvBcTtg.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVwChis.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHcrkTj.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNnRKPx.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLlidvm.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHwdBDn.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBpvUWd.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gogxTgZ.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRESKcl.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuFKRGV.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMbLOnR.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRlterN.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvlGhjl.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WawxUzV.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOzgGOn.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qllYnSS.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGqCuAn.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgXrcib.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjXzavj.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZluqjj.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBgkVRP.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RciARYq.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXYlkHk.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyEHWPx.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdOXzns.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmjtisE.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjoGCJk.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCmuBkZ.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHpFogw.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJHSZud.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZhMDtx.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXCoDtX.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmvdOUn.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhMsXEp.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCKjOpk.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bvrcpqq.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgOGsgA.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMjeEEd.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cnetfah.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGCAyaM.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQIOqNz.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqRDFbx.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwbWzXQ.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jEBKUbc.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNRyzhf.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWWJLhN.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ibgqUpc.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZbtYxB.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWVaYih.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvieGyT.exe	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2360	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2364 wrote to memory of 2360	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2364 wrote to memory of 2360	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2364 wrote to memory of 2392	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2364 wrote to memory of 2392	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2364 wrote to memory of 2392	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2364 wrote to memory of 792	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2364 wrote to memory of 792	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2364 wrote to memory of 792	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2364 wrote to memory of 2064	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2364 wrote to memory of 2064	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2364 wrote to memory of 2064	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2364 wrote to memory of 2252	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2364 wrote to memory of 2252	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2364 wrote to memory of 2252	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2364 wrote to memory of 2320	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2364 wrote to memory of 2320	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2364 wrote to memory of 2320	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2364 wrote to memory of 2892	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2364 wrote to memory of 2892	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2364 wrote to memory of 2892	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2364 wrote to memory of 2928	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2364 wrote to memory of 2928	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2364 wrote to memory of 2928	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2364 wrote to memory of 2888	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2364 wrote to memory of 2888	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2364 wrote to memory of 2888	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2364 wrote to memory of 2880	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2364 wrote to memory of 2880	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2364 wrote to memory of 2880	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2364 wrote to memory of 2736	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2364 wrote to memory of 2736	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2364 wrote to memory of 2736	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2364 wrote to memory of 2640	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2364 wrote to memory of 2640	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2364 wrote to memory of 2640	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2364 wrote to memory of 2784	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2364 wrote to memory of 2784	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2364 wrote to memory of 2784	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2364 wrote to memory of 2616	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2364 wrote to memory of 2616	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2364 wrote to memory of 2616	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2364 wrote to memory of 2668	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2364 wrote to memory of 2668	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2364 wrote to memory of 2668	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2364 wrote to memory of 320	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2364 wrote to memory of 320	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2364 wrote to memory of 320	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2364 wrote to memory of 2176	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2364 wrote to memory of 2176	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2364 wrote to memory of 2176	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2364 wrote to memory of 1092	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2364 wrote to memory of 1092	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2364 wrote to memory of 1092	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2364 wrote to memory of 2708	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2364 wrote to memory of 2708	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2364 wrote to memory of 2708	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2364 wrote to memory of 2820	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2364 wrote to memory of 2820	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2364 wrote to memory of 2820	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2364 wrote to memory of 1976	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2364 wrote to memory of 1976	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2364 wrote to memory of 1976	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2364 wrote to memory of 1028	2364	2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_94485aafbdf3e911cba18471c5f9c96d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\System\eveWMcH.exe
  C:\Windows\System\eveWMcH.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\XNJgWje.exe
  C:\Windows\System\XNJgWje.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\dirNnDE.exe
  C:\Windows\System\dirNnDE.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\uIIERfW.exe
  C:\Windows\System\uIIERfW.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\NYMoOeo.exe
  C:\Windows\System\NYMoOeo.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\oeHIWiy.exe
  C:\Windows\System\oeHIWiy.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\lHLLjwY.exe
  C:\Windows\System\lHLLjwY.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\AMtlyVH.exe
  C:\Windows\System\AMtlyVH.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\Cnetfah.exe
  C:\Windows\System\Cnetfah.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\qNklVYb.exe
  C:\Windows\System\qNklVYb.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\NPmipCK.exe
  C:\Windows\System\NPmipCK.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\pkHIeSb.exe
  C:\Windows\System\pkHIeSb.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\bRESKcl.exe
  C:\Windows\System\bRESKcl.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\NgqEFhZ.exe
  C:\Windows\System\NgqEFhZ.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\iEnbLOs.exe
  C:\Windows\System\iEnbLOs.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\ZjAmpUN.exe
  C:\Windows\System\ZjAmpUN.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\KLZqQQR.exe
  C:\Windows\System\KLZqQQR.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\CqBbXDR.exe
  C:\Windows\System\CqBbXDR.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\nNyyDrx.exe
  C:\Windows\System\nNyyDrx.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\gmjtisE.exe
  C:\Windows\System\gmjtisE.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\XmvdOUn.exe
  C:\Windows\System\XmvdOUn.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\yprPOaW.exe
  C:\Windows\System\yprPOaW.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\OdPmoQj.exe
  C:\Windows\System\OdPmoQj.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\kSIHmDT.exe
  C:\Windows\System\kSIHmDT.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\ODrhsFB.exe
  C:\Windows\System\ODrhsFB.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\lyKJhzH.exe
  C:\Windows\System\lyKJhzH.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\tDCHwEA.exe
  C:\Windows\System\tDCHwEA.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\LHpqdcq.exe
  C:\Windows\System\LHpqdcq.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\fQvaaZk.exe
  C:\Windows\System\fQvaaZk.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\TcSNSwe.exe
  C:\Windows\System\TcSNSwe.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\VlobHAG.exe
  C:\Windows\System\VlobHAG.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\zGAYMEW.exe
  C:\Windows\System\zGAYMEW.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\pLgMUOa.exe
  C:\Windows\System\pLgMUOa.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\dCBVdDM.exe
  C:\Windows\System\dCBVdDM.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\vyMJTib.exe
  C:\Windows\System\vyMJTib.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\xXuUpew.exe
  C:\Windows\System\xXuUpew.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\uhfcsRA.exe
  C:\Windows\System\uhfcsRA.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\zwnkIbC.exe
  C:\Windows\System\zwnkIbC.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\QlOcGoG.exe
  C:\Windows\System\QlOcGoG.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\aJupjWA.exe
  C:\Windows\System\aJupjWA.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\IpzKyMh.exe
  C:\Windows\System\IpzKyMh.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\DnZDvfm.exe
  C:\Windows\System\DnZDvfm.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\TlsEFZO.exe
  C:\Windows\System\TlsEFZO.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\ElQxGQW.exe
  C:\Windows\System\ElQxGQW.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\irMmwWP.exe
  C:\Windows\System\irMmwWP.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\zgXrcib.exe
  C:\Windows\System\zgXrcib.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\muDRDUK.exe
  C:\Windows\System\muDRDUK.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\hwrtHzY.exe
  C:\Windows\System\hwrtHzY.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\ETKjdnj.exe
  C:\Windows\System\ETKjdnj.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\dplaafz.exe
  C:\Windows\System\dplaafz.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\GjfNUiF.exe
  C:\Windows\System\GjfNUiF.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\XSiZrhS.exe
  C:\Windows\System\XSiZrhS.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\LkPChtI.exe
  C:\Windows\System\LkPChtI.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\IXjyFRR.exe
  C:\Windows\System\IXjyFRR.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\PrcGuaD.exe
  C:\Windows\System\PrcGuaD.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\zawBnTz.exe
  C:\Windows\System\zawBnTz.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\mhXLovZ.exe
  C:\Windows\System\mhXLovZ.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\EjXzavj.exe
  C:\Windows\System\EjXzavj.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\pFctQlh.exe
  C:\Windows\System\pFctQlh.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\ReinqpN.exe
  C:\Windows\System\ReinqpN.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\mEvkwim.exe
  C:\Windows\System\mEvkwim.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\bZpGzmC.exe
  C:\Windows\System\bZpGzmC.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\XQbzfsj.exe
  C:\Windows\System\XQbzfsj.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\OdsLvBu.exe
  C:\Windows\System\OdsLvBu.exe
  2⤵
  PID:1500
- C:\Windows\System\LMtdugp.exe
  C:\Windows\System\LMtdugp.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\GouCIPG.exe
  C:\Windows\System\GouCIPG.exe
  2⤵
  PID:1744
- C:\Windows\System\jRFizXz.exe
  C:\Windows\System\jRFizXz.exe
  2⤵
  PID:1296
- C:\Windows\System\bPYnDNq.exe
  C:\Windows\System\bPYnDNq.exe
  2⤵
  PID:1432
- C:\Windows\System\qxcYVNc.exe
  C:\Windows\System\qxcYVNc.exe
  2⤵
  PID:1948
- C:\Windows\System\dSDyxxS.exe
  C:\Windows\System\dSDyxxS.exe
  2⤵
  PID:2212
- C:\Windows\System\ZmISakz.exe
  C:\Windows\System\ZmISakz.exe
  2⤵
  PID:1936
- C:\Windows\System\qFGfWTD.exe
  C:\Windows\System\qFGfWTD.exe
  2⤵
  PID:1056
- C:\Windows\System\EfdPFGu.exe
  C:\Windows\System\EfdPFGu.exe
  2⤵
  PID:2444
- C:\Windows\System\bVHGsxP.exe
  C:\Windows\System\bVHGsxP.exe
  2⤵
  PID:2336
- C:\Windows\System\PeEpkjy.exe
  C:\Windows\System\PeEpkjy.exe
  2⤵
  PID:1996
- C:\Windows\System\YafKEMA.exe
  C:\Windows\System\YafKEMA.exe
  2⤵
  PID:1592
- C:\Windows\System\gZEzeYF.exe
  C:\Windows\System\gZEzeYF.exe
  2⤵
  PID:1032
- C:\Windows\System\lzQtegb.exe
  C:\Windows\System\lzQtegb.exe
  2⤵
  PID:2216
- C:\Windows\System\dAEvjEZ.exe
  C:\Windows\System\dAEvjEZ.exe
  2⤵
  PID:496
- C:\Windows\System\JSLwuBM.exe
  C:\Windows\System\JSLwuBM.exe
  2⤵
  PID:1156
- C:\Windows\System\uLkbetX.exe
  C:\Windows\System\uLkbetX.exe
  2⤵
  PID:2484
- C:\Windows\System\duCHWbL.exe
  C:\Windows\System\duCHWbL.exe
  2⤵
  PID:2256
- C:\Windows\System\GwiqOdH.exe
  C:\Windows\System\GwiqOdH.exe
  2⤵
  PID:2512
- C:\Windows\System\XmWtFRO.exe
  C:\Windows\System\XmWtFRO.exe
  2⤵
  PID:696
- C:\Windows\System\vbMpQCj.exe
  C:\Windows\System\vbMpQCj.exe
  2⤵
  PID:1784
- C:\Windows\System\OUQkoaX.exe
  C:\Windows\System\OUQkoaX.exe
  2⤵
  PID:2128
- C:\Windows\System\TwtNkOh.exe
  C:\Windows\System\TwtNkOh.exe
  2⤵
  PID:2556
- C:\Windows\System\hNRyzhf.exe
  C:\Windows\System\hNRyzhf.exe
  2⤵
  PID:1752
- C:\Windows\System\bbummTY.exe
  C:\Windows\System\bbummTY.exe
  2⤵
  PID:1552
- C:\Windows\System\HHbEVVm.exe
  C:\Windows\System\HHbEVVm.exe
  2⤵
  PID:1868
- C:\Windows\System\IkuUjqy.exe
  C:\Windows\System\IkuUjqy.exe
  2⤵
  PID:1940
- C:\Windows\System\KgbbHgc.exe
  C:\Windows\System\KgbbHgc.exe
  2⤵
  PID:2580
- C:\Windows\System\fhMsXEp.exe
  C:\Windows\System\fhMsXEp.exe
  2⤵
  PID:2672
- C:\Windows\System\fKyBTkd.exe
  C:\Windows\System\fKyBTkd.exe
  2⤵
  PID:2680
- C:\Windows\System\LseNmnI.exe
  C:\Windows\System\LseNmnI.exe
  2⤵
  PID:2808
- C:\Windows\System\quTNIIV.exe
  C:\Windows\System\quTNIIV.exe
  2⤵
  PID:756
- C:\Windows\System\TLGjMSk.exe
  C:\Windows\System\TLGjMSk.exe
  2⤵
  PID:2988
- C:\Windows\System\xxioett.exe
  C:\Windows\System\xxioett.exe
  2⤵
  PID:2604
- C:\Windows\System\CZluqjj.exe
  C:\Windows\System\CZluqjj.exe
  2⤵
  PID:1912
- C:\Windows\System\LdJDssM.exe
  C:\Windows\System\LdJDssM.exe
  2⤵
  PID:1664
- C:\Windows\System\bUNjXHv.exe
  C:\Windows\System\bUNjXHv.exe
  2⤵
  PID:2324
- C:\Windows\System\wHuuMXt.exe
  C:\Windows\System\wHuuMXt.exe
  2⤵
  PID:2276
- C:\Windows\System\HFUkgWj.exe
  C:\Windows\System\HFUkgWj.exe
  2⤵
  PID:908
- C:\Windows\System\mbbTKdA.exe
  C:\Windows\System\mbbTKdA.exe
  2⤵
  PID:1248
- C:\Windows\System\njeKbSI.exe
  C:\Windows\System\njeKbSI.exe
  2⤵
  PID:2592
- C:\Windows\System\bwGyCAp.exe
  C:\Windows\System\bwGyCAp.exe
  2⤵
  PID:1788
- C:\Windows\System\EqjpoRt.exe
  C:\Windows\System\EqjpoRt.exe
  2⤵
  PID:2700
- C:\Windows\System\NQdnfnw.exe
  C:\Windows\System\NQdnfnw.exe
  2⤵
  PID:2804
- C:\Windows\System\kTAzvzD.exe
  C:\Windows\System\kTAzvzD.exe
  2⤵
  PID:2632
- C:\Windows\System\moulXWn.exe
  C:\Windows\System\moulXWn.exe
  2⤵
  PID:2468
- C:\Windows\System\RGnEYWi.exe
  C:\Windows\System\RGnEYWi.exe
  2⤵
  PID:2344
- C:\Windows\System\wFsdAXp.exe
  C:\Windows\System\wFsdAXp.exe
  2⤵
  PID:1332
- C:\Windows\System\oaAjRFh.exe
  C:\Windows\System\oaAjRFh.exe
  2⤵
  PID:3088
- C:\Windows\System\NBeOjsu.exe
  C:\Windows\System\NBeOjsu.exe
  2⤵
  PID:3108
- C:\Windows\System\TqDixIg.exe
  C:\Windows\System\TqDixIg.exe
  2⤵
  PID:3128
- C:\Windows\System\yVnAEyB.exe
  C:\Windows\System\yVnAEyB.exe
  2⤵
  PID:3148
- C:\Windows\System\aHphTXT.exe
  C:\Windows\System\aHphTXT.exe
  2⤵
  PID:3164
- C:\Windows\System\EdHuFhG.exe
  C:\Windows\System\EdHuFhG.exe
  2⤵
  PID:3184
- C:\Windows\System\CfLiZez.exe
  C:\Windows\System\CfLiZez.exe
  2⤵
  PID:3212
- C:\Windows\System\awCoCdo.exe
  C:\Windows\System\awCoCdo.exe
  2⤵
  PID:3232
- C:\Windows\System\maYayHy.exe
  C:\Windows\System\maYayHy.exe
  2⤵
  PID:3252
- C:\Windows\System\hfboHhk.exe
  C:\Windows\System\hfboHhk.exe
  2⤵
  PID:3272
- C:\Windows\System\bMZQcui.exe
  C:\Windows\System\bMZQcui.exe
  2⤵
  PID:3296
- C:\Windows\System\jwZykrF.exe
  C:\Windows\System\jwZykrF.exe
  2⤵
  PID:3316
- C:\Windows\System\MwELTDg.exe
  C:\Windows\System\MwELTDg.exe
  2⤵
  PID:3332
- C:\Windows\System\JENUQFQ.exe
  C:\Windows\System\JENUQFQ.exe
  2⤵
  PID:3352
- C:\Windows\System\ZqglXjQ.exe
  C:\Windows\System\ZqglXjQ.exe
  2⤵
  PID:3372
- C:\Windows\System\EOpPvcb.exe
  C:\Windows\System\EOpPvcb.exe
  2⤵
  PID:3392
- C:\Windows\System\NAWWkhq.exe
  C:\Windows\System\NAWWkhq.exe
  2⤵
  PID:3408
- C:\Windows\System\HDGGbNt.exe
  C:\Windows\System\HDGGbNt.exe
  2⤵
  PID:3424
- C:\Windows\System\DhqLwxg.exe
  C:\Windows\System\DhqLwxg.exe
  2⤵
  PID:3448
- C:\Windows\System\lwGcgDC.exe
  C:\Windows\System\lwGcgDC.exe
  2⤵
  PID:3472
- C:\Windows\System\WawxUzV.exe
  C:\Windows\System\WawxUzV.exe
  2⤵
  PID:3492
- C:\Windows\System\CVxAqcJ.exe
  C:\Windows\System\CVxAqcJ.exe
  2⤵
  PID:3512
- C:\Windows\System\GcqbAgS.exe
  C:\Windows\System\GcqbAgS.exe
  2⤵
  PID:3532
- C:\Windows\System\uzSazTg.exe
  C:\Windows\System\uzSazTg.exe
  2⤵
  PID:3552
- C:\Windows\System\CNBIhjD.exe
  C:\Windows\System\CNBIhjD.exe
  2⤵
  PID:3572
- C:\Windows\System\rgSwIVh.exe
  C:\Windows\System\rgSwIVh.exe
  2⤵
  PID:3588
- C:\Windows\System\olqFfGT.exe
  C:\Windows\System\olqFfGT.exe
  2⤵
  PID:3608
- C:\Windows\System\Yeauwug.exe
  C:\Windows\System\Yeauwug.exe
  2⤵
  PID:3632
- C:\Windows\System\jNYZTti.exe
  C:\Windows\System\jNYZTti.exe
  2⤵
  PID:3648
- C:\Windows\System\WTUsReA.exe
  C:\Windows\System\WTUsReA.exe
  2⤵
  PID:3668
- C:\Windows\System\sXkmFOp.exe
  C:\Windows\System\sXkmFOp.exe
  2⤵
  PID:3696
- C:\Windows\System\zOaTPhH.exe
  C:\Windows\System\zOaTPhH.exe
  2⤵
  PID:3712
- C:\Windows\System\bVWgzKq.exe
  C:\Windows\System\bVWgzKq.exe
  2⤵
  PID:3736
- C:\Windows\System\OCLoZRL.exe
  C:\Windows\System\OCLoZRL.exe
  2⤵
  PID:3752
- C:\Windows\System\UqqrRUX.exe
  C:\Windows\System\UqqrRUX.exe
  2⤵
  PID:3772
- C:\Windows\System\anSfcqF.exe
  C:\Windows\System\anSfcqF.exe
  2⤵
  PID:3792
- C:\Windows\System\xwjODWx.exe
  C:\Windows\System\xwjODWx.exe
  2⤵
  PID:3812
- C:\Windows\System\zdTslWz.exe
  C:\Windows\System\zdTslWz.exe
  2⤵
  PID:3832
- C:\Windows\System\chlumAC.exe
  C:\Windows\System\chlumAC.exe
  2⤵
  PID:3852
- C:\Windows\System\uEqOMgy.exe
  C:\Windows\System\uEqOMgy.exe
  2⤵
  PID:3876
- C:\Windows\System\SpUHHSC.exe
  C:\Windows\System\SpUHHSC.exe
  2⤵
  PID:3892
- C:\Windows\System\sddIiai.exe
  C:\Windows\System\sddIiai.exe
  2⤵
  PID:3912
- C:\Windows\System\JVuOsFu.exe
  C:\Windows\System\JVuOsFu.exe
  2⤵
  PID:3932
- C:\Windows\System\yLDTZDe.exe
  C:\Windows\System\yLDTZDe.exe
  2⤵
  PID:3952
- C:\Windows\System\tStboZg.exe
  C:\Windows\System\tStboZg.exe
  2⤵
  PID:3976
- C:\Windows\System\BKPQWFV.exe
  C:\Windows\System\BKPQWFV.exe
  2⤵
  PID:3996
- C:\Windows\System\KhyPkKV.exe
  C:\Windows\System\KhyPkKV.exe
  2⤵
  PID:4016
- C:\Windows\System\XZCUcaJ.exe
  C:\Windows\System\XZCUcaJ.exe
  2⤵
  PID:4032
- C:\Windows\System\lWSUCfR.exe
  C:\Windows\System\lWSUCfR.exe
  2⤵
  PID:4056
- C:\Windows\System\QAJAXoQ.exe
  C:\Windows\System\QAJAXoQ.exe
  2⤵
  PID:4072
- C:\Windows\System\HYCRVSt.exe
  C:\Windows\System\HYCRVSt.exe
  2⤵
  PID:4092
- C:\Windows\System\ShWYyGv.exe
  C:\Windows\System\ShWYyGv.exe
  2⤵
  PID:2376
- C:\Windows\System\Svvunwr.exe
  C:\Windows\System\Svvunwr.exe
  2⤵
  PID:3004
- C:\Windows\System\mELvXqR.exe
  C:\Windows\System\mELvXqR.exe
  2⤵
  PID:2132
- C:\Windows\System\izDzRMQ.exe
  C:\Windows\System\izDzRMQ.exe
  2⤵
  PID:1232
- C:\Windows\System\zxjXhOi.exe
  C:\Windows\System\zxjXhOi.exe
  2⤵
  PID:1756
- C:\Windows\System\QGXEqty.exe
  C:\Windows\System\QGXEqty.exe
  2⤵
  PID:2744
- C:\Windows\System\DpXODfi.exe
  C:\Windows\System\DpXODfi.exe
  2⤵
  PID:1516
- C:\Windows\System\YrfMwrh.exe
  C:\Windows\System\YrfMwrh.exe
  2⤵
  PID:1528
- C:\Windows\System\EIFxfPu.exe
  C:\Windows\System\EIFxfPu.exe
  2⤵
  PID:2776
- C:\Windows\System\IuDmmGu.exe
  C:\Windows\System\IuDmmGu.exe
  2⤵
  PID:3100
- C:\Windows\System\hxnWeDa.exe
  C:\Windows\System\hxnWeDa.exe
  2⤵
  PID:3140
- C:\Windows\System\sPVrfkK.exe
  C:\Windows\System\sPVrfkK.exe
  2⤵
  PID:3084
- C:\Windows\System\CfFWGlY.exe
  C:\Windows\System\CfFWGlY.exe
  2⤵
  PID:3116
- C:\Windows\System\GjMnLWc.exe
  C:\Windows\System\GjMnLWc.exe
  2⤵
  PID:3228
- C:\Windows\System\EJHLcjn.exe
  C:\Windows\System\EJHLcjn.exe
  2⤵
  PID:3196
- C:\Windows\System\OEfzSFx.exe
  C:\Windows\System\OEfzSFx.exe
  2⤵
  PID:3312
- C:\Windows\System\euzewbj.exe
  C:\Windows\System\euzewbj.exe
  2⤵
  PID:3344
- C:\Windows\System\MGCAyaM.exe
  C:\Windows\System\MGCAyaM.exe
  2⤵
  PID:3240
- C:\Windows\System\NpAqnGy.exe
  C:\Windows\System\NpAqnGy.exe
  2⤵
  PID:3384
- C:\Windows\System\xJDNTex.exe
  C:\Windows\System\xJDNTex.exe
  2⤵
  PID:3360
- C:\Windows\System\oTvhCqf.exe
  C:\Windows\System\oTvhCqf.exe
  2⤵
  PID:3468
- C:\Windows\System\HwWAmIW.exe
  C:\Windows\System\HwWAmIW.exe
  2⤵
  PID:3504
- C:\Windows\System\lShTowj.exe
  C:\Windows\System\lShTowj.exe
  2⤵
  PID:3436
- C:\Windows\System\HLvxAIU.exe
  C:\Windows\System\HLvxAIU.exe
  2⤵
  PID:3480
- C:\Windows\System\FFNfRRl.exe
  C:\Windows\System\FFNfRRl.exe
  2⤵
  PID:3524
- C:\Windows\System\QtcySNH.exe
  C:\Windows\System\QtcySNH.exe
  2⤵
  PID:3628
- C:\Windows\System\xhThTMl.exe
  C:\Windows\System\xhThTMl.exe
  2⤵
  PID:3660
- C:\Windows\System\oaWeDGp.exe
  C:\Windows\System\oaWeDGp.exe
  2⤵
  PID:3596
- C:\Windows\System\IQutIZW.exe
  C:\Windows\System\IQutIZW.exe
  2⤵
  PID:3684
- C:\Windows\System\PdFrIVz.exe
  C:\Windows\System\PdFrIVz.exe
  2⤵
  PID:3748
- C:\Windows\System\XedWDKQ.exe
  C:\Windows\System\XedWDKQ.exe
  2⤵
  PID:3732
- C:\Windows\System\igmLVlK.exe
  C:\Windows\System\igmLVlK.exe
  2⤵
  PID:3768
- C:\Windows\System\oIONbFJ.exe
  C:\Windows\System\oIONbFJ.exe
  2⤵
  PID:3840
- C:\Windows\System\wbAzYHU.exe
  C:\Windows\System\wbAzYHU.exe
  2⤵
  PID:3872
- C:\Windows\System\NWpQOUc.exe
  C:\Windows\System\NWpQOUc.exe
  2⤵
  PID:3908
- C:\Windows\System\UPGAIbZ.exe
  C:\Windows\System\UPGAIbZ.exe
  2⤵
  PID:3944
- C:\Windows\System\FxuOJWW.exe
  C:\Windows\System\FxuOJWW.exe
  2⤵
  PID:3920
- C:\Windows\System\xhiITIL.exe
  C:\Windows\System\xhiITIL.exe
  2⤵
  PID:3960
- C:\Windows\System\yYtbdHc.exe
  C:\Windows\System\yYtbdHc.exe
  2⤵
  PID:3972
- C:\Windows\System\LgLavrq.exe
  C:\Windows\System\LgLavrq.exe
  2⤵
  PID:468
- C:\Windows\System\JvuZfYw.exe
  C:\Windows\System\JvuZfYw.exe
  2⤵
  PID:4040
- C:\Windows\System\IcnEcpZ.exe
  C:\Windows\System\IcnEcpZ.exe
  2⤵
  PID:4052
- C:\Windows\System\UaufmJa.exe
  C:\Windows\System\UaufmJa.exe
  2⤵
  PID:4088
- C:\Windows\System\MHcUiot.exe
  C:\Windows\System\MHcUiot.exe
  2⤵
  PID:2544
- C:\Windows\System\dFlyJGd.exe
  C:\Windows\System\dFlyJGd.exe
  2⤵
  PID:1688
- C:\Windows\System\MVRXrwX.exe
  C:\Windows\System\MVRXrwX.exe
  2⤵
  PID:3060
- C:\Windows\System\ynENdFU.exe
  C:\Windows\System\ynENdFU.exe
  2⤵
  PID:1696
- C:\Windows\System\VUFWcyp.exe
  C:\Windows\System\VUFWcyp.exe
  2⤵
  PID:3096
- C:\Windows\System\eDABoDb.exe
  C:\Windows\System\eDABoDb.exe
  2⤵
  PID:3260
- C:\Windows\System\bJngqBE.exe
  C:\Windows\System\bJngqBE.exe
  2⤵
  PID:3340
- C:\Windows\System\MczAdXz.exe
  C:\Windows\System\MczAdXz.exe
  2⤵
  PID:3324
- C:\Windows\System\eYSrLeq.exe
  C:\Windows\System\eYSrLeq.exe
  2⤵
  PID:3284
- C:\Windows\System\sPHAaya.exe
  C:\Windows\System\sPHAaya.exe
  2⤵
  PID:3420
- C:\Windows\System\RdeqSBM.exe
  C:\Windows\System\RdeqSBM.exe
  2⤵
  PID:3544
- C:\Windows\System\japZoUf.exe
  C:\Windows\System\japZoUf.exe
  2⤵
  PID:3488
- C:\Windows\System\xuhxZXk.exe
  C:\Windows\System\xuhxZXk.exe
  2⤵
  PID:3604
- C:\Windows\System\jVQCYjc.exe
  C:\Windows\System\jVQCYjc.exe
  2⤵
  PID:3620
- C:\Windows\System\bntIqJR.exe
  C:\Windows\System\bntIqJR.exe
  2⤵
  PID:3560
- C:\Windows\System\iMGGdOY.exe
  C:\Windows\System\iMGGdOY.exe
  2⤵
  PID:3728
- C:\Windows\System\ZwvAsRC.exe
  C:\Windows\System\ZwvAsRC.exe
  2⤵
  PID:3808
- C:\Windows\System\bJtISOr.exe
  C:\Windows\System\bJtISOr.exe
  2⤵
  PID:3760
- C:\Windows\System\gmrUoPW.exe
  C:\Windows\System\gmrUoPW.exe
  2⤵
  PID:3864
- C:\Windows\System\RghJtCZ.exe
  C:\Windows\System\RghJtCZ.exe
  2⤵
  PID:3948
- C:\Windows\System\MECYtXc.exe
  C:\Windows\System\MECYtXc.exe
  2⤵
  PID:1760
- C:\Windows\System\RooQmwa.exe
  C:\Windows\System\RooQmwa.exe
  2⤵
  PID:2720
- C:\Windows\System\YuEfMfV.exe
  C:\Windows\System\YuEfMfV.exe
  2⤵
  PID:4084
- C:\Windows\System\pYyDgaH.exe
  C:\Windows\System\pYyDgaH.exe
  2⤵
  PID:992
- C:\Windows\System\iEMqomt.exe
  C:\Windows\System\iEMqomt.exe
  2⤵
  PID:1740
- C:\Windows\System\YbyDxaJ.exe
  C:\Windows\System\YbyDxaJ.exe
  2⤵
  PID:952
- C:\Windows\System\BTJWAsQ.exe
  C:\Windows\System\BTJWAsQ.exe
  2⤵
  PID:3348
- C:\Windows\System\RLUkDow.exe
  C:\Windows\System\RLUkDow.exe
  2⤵
  PID:3192
- C:\Windows\System\LAejskP.exe
  C:\Windows\System\LAejskP.exe
  2⤵
  PID:3464
- C:\Windows\System\XPdOBfM.exe
  C:\Windows\System\XPdOBfM.exe
  2⤵
  PID:3280
- C:\Windows\System\PSyBent.exe
  C:\Windows\System\PSyBent.exe
  2⤵
  PID:3540
- C:\Windows\System\RFJqysW.exe
  C:\Windows\System\RFJqysW.exe
  2⤵
  PID:3688
- C:\Windows\System\dfdkduC.exe
  C:\Windows\System\dfdkduC.exe
  2⤵
  PID:3900
- C:\Windows\System\vlZUcms.exe
  C:\Windows\System\vlZUcms.exe
  2⤵
  PID:3680
- C:\Windows\System\TKeTocB.exe
  C:\Windows\System\TKeTocB.exe
  2⤵
  PID:3848
- C:\Windows\System\tiTiCsV.exe
  C:\Windows\System\tiTiCsV.exe
  2⤵
  PID:4064
- C:\Windows\System\ouSeETj.exe
  C:\Windows\System\ouSeETj.exe
  2⤵
  PID:2136
- C:\Windows\System\ScjnOcx.exe
  C:\Windows\System\ScjnOcx.exe
  2⤵
  PID:2660
- C:\Windows\System\RhYdKje.exe
  C:\Windows\System\RhYdKje.exe
  2⤵
  PID:2912
- C:\Windows\System\TLTBIaK.exe
  C:\Windows\System\TLTBIaK.exe
  2⤵
  PID:3172
- C:\Windows\System\ldKDbOI.exe
  C:\Windows\System\ldKDbOI.exe
  2⤵
  PID:3404
- C:\Windows\System\AmrvGFg.exe
  C:\Windows\System\AmrvGFg.exe
  2⤵
  PID:4112
- C:\Windows\System\UpqKAZu.exe
  C:\Windows\System\UpqKAZu.exe
  2⤵
  PID:4136
- C:\Windows\System\QOELWmL.exe
  C:\Windows\System\QOELWmL.exe
  2⤵
  PID:4152
- C:\Windows\System\aCwftFd.exe
  C:\Windows\System\aCwftFd.exe
  2⤵
  PID:4172
- C:\Windows\System\IrbMwHU.exe
  C:\Windows\System\IrbMwHU.exe
  2⤵
  PID:4192
- C:\Windows\System\yKsHChU.exe
  C:\Windows\System\yKsHChU.exe
  2⤵
  PID:4212
- C:\Windows\System\JontUzC.exe
  C:\Windows\System\JontUzC.exe
  2⤵
  PID:4236
- C:\Windows\System\sELLAZe.exe
  C:\Windows\System\sELLAZe.exe
  2⤵
  PID:4252
- C:\Windows\System\MquTZAz.exe
  C:\Windows\System\MquTZAz.exe
  2⤵
  PID:4272
- C:\Windows\System\mMpbGWw.exe
  C:\Windows\System\mMpbGWw.exe
  2⤵
  PID:4292
- C:\Windows\System\aZAIfgO.exe
  C:\Windows\System\aZAIfgO.exe
  2⤵
  PID:4316
- C:\Windows\System\UjWbHrW.exe
  C:\Windows\System\UjWbHrW.exe
  2⤵
  PID:4336
- C:\Windows\System\XFvREvs.exe
  C:\Windows\System\XFvREvs.exe
  2⤵
  PID:4356
- C:\Windows\System\FwLetxN.exe
  C:\Windows\System\FwLetxN.exe
  2⤵
  PID:4372
- C:\Windows\System\DwCQtvT.exe
  C:\Windows\System\DwCQtvT.exe
  2⤵
  PID:4396
- C:\Windows\System\SZkQncH.exe
  C:\Windows\System\SZkQncH.exe
  2⤵
  PID:4416
- C:\Windows\System\DTRvfCi.exe
  C:\Windows\System\DTRvfCi.exe
  2⤵
  PID:4432
- C:\Windows\System\gAJPpdr.exe
  C:\Windows\System\gAJPpdr.exe
  2⤵
  PID:4452
- C:\Windows\System\PnAzWXp.exe
  C:\Windows\System\PnAzWXp.exe
  2⤵
  PID:4476
- C:\Windows\System\IHkAbWH.exe
  C:\Windows\System\IHkAbWH.exe
  2⤵
  PID:4492
- C:\Windows\System\WrnoRST.exe
  C:\Windows\System\WrnoRST.exe
  2⤵
  PID:4516
- C:\Windows\System\osyEzXq.exe
  C:\Windows\System\osyEzXq.exe
  2⤵
  PID:4532
- C:\Windows\System\qvFhmca.exe
  C:\Windows\System\qvFhmca.exe
  2⤵
  PID:4548
- C:\Windows\System\hyHddLR.exe
  C:\Windows\System\hyHddLR.exe
  2⤵
  PID:4568
- C:\Windows\System\RpzHUFY.exe
  C:\Windows\System\RpzHUFY.exe
  2⤵
  PID:4592
- C:\Windows\System\HuFKRGV.exe
  C:\Windows\System\HuFKRGV.exe
  2⤵
  PID:4616
- C:\Windows\System\wXgcBXP.exe
  C:\Windows\System\wXgcBXP.exe
  2⤵
  PID:4636
- C:\Windows\System\IHkBNiY.exe
  C:\Windows\System\IHkBNiY.exe
  2⤵
  PID:4652
- C:\Windows\System\KFgdsgp.exe
  C:\Windows\System\KFgdsgp.exe
  2⤵
  PID:4672
- C:\Windows\System\uKSUelN.exe
  C:\Windows\System\uKSUelN.exe
  2⤵
  PID:4696
- C:\Windows\System\WqgSHQX.exe
  C:\Windows\System\WqgSHQX.exe
  2⤵
  PID:4716
- C:\Windows\System\QlBCTgv.exe
  C:\Windows\System\QlBCTgv.exe
  2⤵
  PID:4732
- C:\Windows\System\OaQqlOD.exe
  C:\Windows\System\OaQqlOD.exe
  2⤵
  PID:4752
- C:\Windows\System\AzPNoIm.exe
  C:\Windows\System\AzPNoIm.exe
  2⤵
  PID:4768
- C:\Windows\System\ZICMqVb.exe
  C:\Windows\System\ZICMqVb.exe
  2⤵
  PID:4796
- C:\Windows\System\fXTyqXb.exe
  C:\Windows\System\fXTyqXb.exe
  2⤵
  PID:4812
- C:\Windows\System\cUHprjm.exe
  C:\Windows\System\cUHprjm.exe
  2⤵
  PID:4836
- C:\Windows\System\OHFFUeT.exe
  C:\Windows\System\OHFFUeT.exe
  2⤵
  PID:4852
- C:\Windows\System\FcvoZfP.exe
  C:\Windows\System\FcvoZfP.exe
  2⤵
  PID:4872
- C:\Windows\System\kGevXFi.exe
  C:\Windows\System\kGevXFi.exe
  2⤵
  PID:4888
- C:\Windows\System\OJPaXoD.exe
  C:\Windows\System\OJPaXoD.exe
  2⤵
  PID:4912
- C:\Windows\System\fsSEQMu.exe
  C:\Windows\System\fsSEQMu.exe
  2⤵
  PID:4932
- C:\Windows\System\dPETcmL.exe
  C:\Windows\System\dPETcmL.exe
  2⤵
  PID:4956
- C:\Windows\System\HvelBWw.exe
  C:\Windows\System\HvelBWw.exe
  2⤵
  PID:4972
- C:\Windows\System\UAgQVWN.exe
  C:\Windows\System\UAgQVWN.exe
  2⤵
  PID:4992
- C:\Windows\System\ohxpVUw.exe
  C:\Windows\System\ohxpVUw.exe
  2⤵
  PID:5012
- C:\Windows\System\cCayodO.exe
  C:\Windows\System\cCayodO.exe
  2⤵
  PID:5032
- C:\Windows\System\rHazWcB.exe
  C:\Windows\System\rHazWcB.exe
  2⤵
  PID:5056
- C:\Windows\System\zhuxeHe.exe
  C:\Windows\System\zhuxeHe.exe
  2⤵
  PID:5072
- C:\Windows\System\GXxSlXK.exe
  C:\Windows\System\GXxSlXK.exe
  2⤵
  PID:5096
- C:\Windows\System\dJobNvA.exe
  C:\Windows\System\dJobNvA.exe
  2⤵
  PID:5112
- C:\Windows\System\UJMYVWX.exe
  C:\Windows\System\UJMYVWX.exe
  2⤵
  PID:3208
- C:\Windows\System\yooGzHd.exe
  C:\Windows\System\yooGzHd.exe
  2⤵
  PID:3304
- C:\Windows\System\dKlOSKb.exe
  C:\Windows\System\dKlOSKb.exe
  2⤵
  PID:3788
- C:\Windows\System\CLReixo.exe
  C:\Windows\System\CLReixo.exe
  2⤵
  PID:3828
- C:\Windows\System\etqpuFq.exe
  C:\Windows\System\etqpuFq.exe
  2⤵
  PID:3968
- C:\Windows\System\KfdQnEW.exe
  C:\Windows\System\KfdQnEW.exe
  2⤵
  PID:3268
- C:\Windows\System\yzGFHyL.exe
  C:\Windows\System\yzGFHyL.exe
  2⤵
  PID:4108
- C:\Windows\System\AWDdVHM.exe
  C:\Windows\System\AWDdVHM.exe
  2⤵
  PID:4144
- C:\Windows\System\ZxFSXkT.exe
  C:\Windows\System\ZxFSXkT.exe
  2⤵
  PID:4128
- C:\Windows\System\jxiLbCa.exe
  C:\Windows\System\jxiLbCa.exe
  2⤵
  PID:4164
- C:\Windows\System\gkIryfe.exe
  C:\Windows\System\gkIryfe.exe
  2⤵
  PID:4232
- C:\Windows\System\mIXHQTN.exe
  C:\Windows\System\mIXHQTN.exe
  2⤵
  PID:4268
- C:\Windows\System\iTxcWqy.exe
  C:\Windows\System\iTxcWqy.exe
  2⤵
  PID:4304
- C:\Windows\System\jZshvyv.exe
  C:\Windows\System\jZshvyv.exe
  2⤵
  PID:4288
- C:\Windows\System\isXKJyB.exe
  C:\Windows\System\isXKJyB.exe
  2⤵
  PID:4348
- C:\Windows\System\VqqYUCO.exe
  C:\Windows\System\VqqYUCO.exe
  2⤵
  PID:4388
- C:\Windows\System\YBQqHUP.exe
  C:\Windows\System\YBQqHUP.exe
  2⤵
  PID:4424
- C:\Windows\System\QsDMStI.exe
  C:\Windows\System\QsDMStI.exe
  2⤵
  PID:4472
- C:\Windows\System\XDjJHwL.exe
  C:\Windows\System\XDjJHwL.exe
  2⤵
  PID:4468
- C:\Windows\System\eJtsseX.exe
  C:\Windows\System\eJtsseX.exe
  2⤵
  PID:4504
- C:\Windows\System\AYAKNoy.exe
  C:\Windows\System\AYAKNoy.exe
  2⤵
  PID:4588
- C:\Windows\System\pvaTYFB.exe
  C:\Windows\System\pvaTYFB.exe
  2⤵
  PID:4528
- C:\Windows\System\GOHyoDQ.exe
  C:\Windows\System\GOHyoDQ.exe
  2⤵
  PID:4632
- C:\Windows\System\fljjUpp.exe
  C:\Windows\System\fljjUpp.exe
  2⤵
  PID:4664
- C:\Windows\System\AriIiET.exe
  C:\Windows\System\AriIiET.exe
  2⤵
  PID:4704
- C:\Windows\System\blykhee.exe
  C:\Windows\System\blykhee.exe
  2⤵
  PID:4688
- C:\Windows\System\dhyvnRf.exe
  C:\Windows\System\dhyvnRf.exe
  2⤵
  PID:4780
- C:\Windows\System\LVlbarN.exe
  C:\Windows\System\LVlbarN.exe
  2⤵
  PID:4784
- C:\Windows\System\txHfwwF.exe
  C:\Windows\System\txHfwwF.exe
  2⤵
  PID:4832
- C:\Windows\System\UBQFOFU.exe
  C:\Windows\System\UBQFOFU.exe
  2⤵
  PID:4868
- C:\Windows\System\kEKFomu.exe
  C:\Windows\System\kEKFomu.exe
  2⤵
  PID:4884
- C:\Windows\System\TrGgkqU.exe
  C:\Windows\System\TrGgkqU.exe
  2⤵
  PID:4924
- C:\Windows\System\lPMXkjd.exe
  C:\Windows\System\lPMXkjd.exe
  2⤵
  PID:4944
- C:\Windows\System\ctHyKEO.exe
  C:\Windows\System\ctHyKEO.exe
  2⤵
  PID:5020
- C:\Windows\System\nwUVFbo.exe
  C:\Windows\System\nwUVFbo.exe
  2⤵
  PID:4964
- C:\Windows\System\FKmVlTf.exe
  C:\Windows\System\FKmVlTf.exe
  2⤵
  PID:5044
- C:\Windows\System\OHPFHxU.exe
  C:\Windows\System\OHPFHxU.exe
  2⤵
  PID:5080
- C:\Windows\System\jlxtPDJ.exe
  C:\Windows\System\jlxtPDJ.exe
  2⤵
  PID:5088
- C:\Windows\System\VDbEena.exe
  C:\Windows\System\VDbEena.exe
  2⤵
  PID:3616
- C:\Windows\System\hwUxioU.exe
  C:\Windows\System\hwUxioU.exe
  2⤵
  PID:3784
- C:\Windows\System\KpPaWHV.exe
  C:\Windows\System\KpPaWHV.exe
  2⤵
  PID:3144
- C:\Windows\System\fxpBaxa.exe
  C:\Windows\System\fxpBaxa.exe
  2⤵
  PID:4100
- C:\Windows\System\hDckXsE.exe
  C:\Windows\System\hDckXsE.exe
  2⤵
  PID:544
- C:\Windows\System\NRQowwq.exe
  C:\Windows\System\NRQowwq.exe
  2⤵
  PID:4208
- C:\Windows\System\rwqRRim.exe
  C:\Windows\System\rwqRRim.exe
  2⤵
  PID:4260
- C:\Windows\System\KZEJQQa.exe
  C:\Windows\System\KZEJQQa.exe
  2⤵
  PID:4284
- C:\Windows\System\wPVfwHv.exe
  C:\Windows\System\wPVfwHv.exe
  2⤵
  PID:4280
- C:\Windows\System\ymqDBYw.exe
  C:\Windows\System\ymqDBYw.exe
  2⤵
  PID:4464
- C:\Windows\System\sVeLpQk.exe
  C:\Windows\System\sVeLpQk.exe
  2⤵
  PID:4404
- C:\Windows\System\qSMGUDT.exe
  C:\Windows\System\qSMGUDT.exe
  2⤵
  PID:4512
- C:\Windows\System\BcMknKi.exe
  C:\Windows\System\BcMknKi.exe
  2⤵
  PID:4600
- C:\Windows\System\onNBxIN.exe
  C:\Windows\System\onNBxIN.exe
  2⤵
  PID:4544
- C:\Windows\System\txGKBUe.exe
  C:\Windows\System\txGKBUe.exe
  2⤵
  PID:4708
- C:\Windows\System\vlxkmsk.exe
  C:\Windows\System\vlxkmsk.exe
  2⤵
  PID:4728
- C:\Windows\System\jVnGuNS.exe
  C:\Windows\System\jVnGuNS.exe
  2⤵
  PID:2380
- C:\Windows\System\UDTnjjP.exe
  C:\Windows\System\UDTnjjP.exe
  2⤵
  PID:4860
- C:\Windows\System\UDmrOzb.exe
  C:\Windows\System\UDmrOzb.exe
  2⤵
  PID:4980
- C:\Windows\System\hHmqjtf.exe
  C:\Windows\System\hHmqjtf.exe
  2⤵
  PID:4904
- C:\Windows\System\zshcLTh.exe
  C:\Windows\System\zshcLTh.exe
  2⤵
  PID:4948
- C:\Windows\System\EGgVHRY.exe
  C:\Windows\System\EGgVHRY.exe
  2⤵
  PID:5108
- C:\Windows\System\YwikbiZ.exe
  C:\Windows\System\YwikbiZ.exe
  2⤵
  PID:5052
- C:\Windows\System\JDhAbjl.exe
  C:\Windows\System\JDhAbjl.exe
  2⤵
  PID:2760
- C:\Windows\System\REzOIWz.exe
  C:\Windows\System\REzOIWz.exe
  2⤵
  PID:4080
- C:\Windows\System\kPMunIB.exe
  C:\Windows\System\kPMunIB.exe
  2⤵
  PID:4204
- C:\Windows\System\cTPheSY.exe
  C:\Windows\System\cTPheSY.exe
  2⤵
  PID:4344
- C:\Windows\System\SPQyGHe.exe
  C:\Windows\System\SPQyGHe.exe
  2⤵
  PID:4412
- C:\Windows\System\ZuDwsnu.exe
  C:\Windows\System\ZuDwsnu.exe
  2⤵
  PID:4668
- C:\Windows\System\vbvIkWL.exe
  C:\Windows\System\vbvIkWL.exe
  2⤵
  PID:4368
- C:\Windows\System\rAVBBfV.exe
  C:\Windows\System\rAVBBfV.exe
  2⤵
  PID:4564
- C:\Windows\System\IUtEfFh.exe
  C:\Windows\System\IUtEfFh.exe
  2⤵
  PID:4680
- C:\Windows\System\xmfmyXL.exe
  C:\Windows\System\xmfmyXL.exe
  2⤵
  PID:4804
- C:\Windows\System\fTmeNxW.exe
  C:\Windows\System\fTmeNxW.exe
  2⤵
  PID:5128
- C:\Windows\System\AMbLOnR.exe
  C:\Windows\System\AMbLOnR.exe
  2⤵
  PID:5152
- C:\Windows\System\cBCTSvD.exe
  C:\Windows\System\cBCTSvD.exe
  2⤵
  PID:5176
- C:\Windows\System\aPhfjss.exe
  C:\Windows\System\aPhfjss.exe
  2⤵
  PID:5200
- C:\Windows\System\BGRUOUQ.exe
  C:\Windows\System\BGRUOUQ.exe
  2⤵
  PID:5224
- C:\Windows\System\rEPhnXE.exe
  C:\Windows\System\rEPhnXE.exe
  2⤵
  PID:5248
- C:\Windows\System\YxjlUFb.exe
  C:\Windows\System\YxjlUFb.exe
  2⤵
  PID:5272
- C:\Windows\System\AamSxzg.exe
  C:\Windows\System\AamSxzg.exe
  2⤵
  PID:5296
- C:\Windows\System\VKgSkch.exe
  C:\Windows\System\VKgSkch.exe
  2⤵
  PID:5320
- C:\Windows\System\AFwKqRq.exe
  C:\Windows\System\AFwKqRq.exe
  2⤵
  PID:5340
- C:\Windows\System\kmJzebu.exe
  C:\Windows\System\kmJzebu.exe
  2⤵
  PID:5360
- C:\Windows\System\bIuMEJg.exe
  C:\Windows\System\bIuMEJg.exe
  2⤵
  PID:5380
- C:\Windows\System\bNIarRb.exe
  C:\Windows\System\bNIarRb.exe
  2⤵
  PID:5400
- C:\Windows\System\gzwFUMy.exe
  C:\Windows\System\gzwFUMy.exe
  2⤵
  PID:5420
- C:\Windows\System\KpeYiwl.exe
  C:\Windows\System\KpeYiwl.exe
  2⤵
  PID:5440
- C:\Windows\System\WaygbXc.exe
  C:\Windows\System\WaygbXc.exe
  2⤵
  PID:5460
- C:\Windows\System\vZKDxsC.exe
  C:\Windows\System\vZKDxsC.exe
  2⤵
  PID:5480
- C:\Windows\System\HvFipyW.exe
  C:\Windows\System\HvFipyW.exe
  2⤵
  PID:5500
- C:\Windows\System\ciCSoYo.exe
  C:\Windows\System\ciCSoYo.exe
  2⤵
  PID:5520
- C:\Windows\System\rngoxLr.exe
  C:\Windows\System\rngoxLr.exe
  2⤵
  PID:5540
- C:\Windows\System\XsiUuLH.exe
  C:\Windows\System\XsiUuLH.exe
  2⤵
  PID:5560
- C:\Windows\System\InERIcj.exe
  C:\Windows\System\InERIcj.exe
  2⤵
  PID:5580
- C:\Windows\System\fHTsmxs.exe
  C:\Windows\System\fHTsmxs.exe
  2⤵
  PID:5600
- C:\Windows\System\NzsOnjh.exe
  C:\Windows\System\NzsOnjh.exe
  2⤵
  PID:5620
- C:\Windows\System\xHDqWeE.exe
  C:\Windows\System\xHDqWeE.exe
  2⤵
  PID:5640
- C:\Windows\System\UCwvKPy.exe
  C:\Windows\System\UCwvKPy.exe
  2⤵
  PID:5660
- C:\Windows\System\ySEaJmB.exe
  C:\Windows\System\ySEaJmB.exe
  2⤵
  PID:5680
- C:\Windows\System\VMiDVxM.exe
  C:\Windows\System\VMiDVxM.exe
  2⤵
  PID:5700
- C:\Windows\System\ATwVHWz.exe
  C:\Windows\System\ATwVHWz.exe
  2⤵
  PID:5720
- C:\Windows\System\oetQAUT.exe
  C:\Windows\System\oetQAUT.exe
  2⤵
  PID:5740
- C:\Windows\System\spalLfX.exe
  C:\Windows\System\spalLfX.exe
  2⤵
  PID:5760
- C:\Windows\System\ZVfpWFj.exe
  C:\Windows\System\ZVfpWFj.exe
  2⤵
  PID:5780
- C:\Windows\System\VkbGMOS.exe
  C:\Windows\System\VkbGMOS.exe
  2⤵
  PID:5800
- C:\Windows\System\LotTLXg.exe
  C:\Windows\System\LotTLXg.exe
  2⤵
  PID:5820
- C:\Windows\System\xnEUTXr.exe
  C:\Windows\System\xnEUTXr.exe
  2⤵
  PID:5840
- C:\Windows\System\GdListA.exe
  C:\Windows\System\GdListA.exe
  2⤵
  PID:5860
- C:\Windows\System\ojtkIJN.exe
  C:\Windows\System\ojtkIJN.exe
  2⤵
  PID:5880
- C:\Windows\System\jSontwq.exe
  C:\Windows\System\jSontwq.exe
  2⤵
  PID:5900
- C:\Windows\System\dULaIlX.exe
  C:\Windows\System\dULaIlX.exe
  2⤵
  PID:5920
- C:\Windows\System\FRpBTmM.exe
  C:\Windows\System\FRpBTmM.exe
  2⤵
  PID:5940
- C:\Windows\System\hIFEIpy.exe
  C:\Windows\System\hIFEIpy.exe
  2⤵
  PID:5960
- C:\Windows\System\UyYSHYK.exe
  C:\Windows\System\UyYSHYK.exe
  2⤵
  PID:5980
- C:\Windows\System\tRaHgEb.exe
  C:\Windows\System\tRaHgEb.exe
  2⤵
  PID:6000
- C:\Windows\System\GqfzSIX.exe
  C:\Windows\System\GqfzSIX.exe
  2⤵
  PID:6016
- C:\Windows\System\vTJEbFf.exe
  C:\Windows\System\vTJEbFf.exe
  2⤵
  PID:6040
- C:\Windows\System\eWEQJEi.exe
  C:\Windows\System\eWEQJEi.exe
  2⤵
  PID:6060
- C:\Windows\System\flmTVaL.exe
  C:\Windows\System\flmTVaL.exe
  2⤵
  PID:6080
- C:\Windows\System\kwtwTGi.exe
  C:\Windows\System\kwtwTGi.exe
  2⤵
  PID:6100
- C:\Windows\System\lTdzjvV.exe
  C:\Windows\System\lTdzjvV.exe
  2⤵
  PID:6120
- C:\Windows\System\lfZGIbC.exe
  C:\Windows\System\lfZGIbC.exe
  2⤵
  PID:6140
- C:\Windows\System\lDdETLV.exe
  C:\Windows\System\lDdETLV.exe
  2⤵
  PID:5008
- C:\Windows\System\pcxkFIE.exe
  C:\Windows\System\pcxkFIE.exe
  2⤵
  PID:3564
- C:\Windows\System\lcLusha.exe
  C:\Windows\System\lcLusha.exe
  2⤵
  PID:3692
- C:\Windows\System\GPsrLxo.exe
  C:\Windows\System\GPsrLxo.exe
  2⤵
  PID:2076
- C:\Windows\System\plnvlkR.exe
  C:\Windows\System\plnvlkR.exe
  2⤵
  PID:4224
- C:\Windows\System\oASteRw.exe
  C:\Windows\System\oASteRw.exe
  2⤵
  PID:4300
- C:\Windows\System\GBQLNcU.exe
  C:\Windows\System\GBQLNcU.exe
  2⤵
  PID:4384
- C:\Windows\System\eItQUFb.exe
  C:\Windows\System\eItQUFb.exe
  2⤵
  PID:4692
- C:\Windows\System\PhmkBMb.exe
  C:\Windows\System\PhmkBMb.exe
  2⤵
  PID:5124
- C:\Windows\System\fCpblmS.exe
  C:\Windows\System\fCpblmS.exe
  2⤵
  PID:5148
- C:\Windows\System\Jhmaxvl.exe
  C:\Windows\System\Jhmaxvl.exe
  2⤵
  PID:5184
- C:\Windows\System\JaODbOP.exe
  C:\Windows\System\JaODbOP.exe
  2⤵
  PID:5188
- C:\Windows\System\kHkGXUX.exe
  C:\Windows\System\kHkGXUX.exe
  2⤵
  PID:5240
- C:\Windows\System\RLlfzVw.exe
  C:\Windows\System\RLlfzVw.exe
  2⤵
  PID:5312
- C:\Windows\System\HECYhwV.exe
  C:\Windows\System\HECYhwV.exe
  2⤵
  PID:5356
- C:\Windows\System\GalCekM.exe
  C:\Windows\System\GalCekM.exe
  2⤵
  PID:5376
- C:\Windows\System\qycVotM.exe
  C:\Windows\System\qycVotM.exe
  2⤵
  PID:5408
- C:\Windows\System\uHhjBYf.exe
  C:\Windows\System\uHhjBYf.exe
  2⤵
  PID:5412
- C:\Windows\System\cDhsftT.exe
  C:\Windows\System\cDhsftT.exe
  2⤵
  PID:5476
- C:\Windows\System\dSGUrLB.exe
  C:\Windows\System\dSGUrLB.exe
  2⤵
  PID:5512
- C:\Windows\System\okfvWCA.exe
  C:\Windows\System\okfvWCA.exe
  2⤵
  PID:5556
- C:\Windows\System\LZOQzMz.exe
  C:\Windows\System\LZOQzMz.exe
  2⤵
  PID:5568
- C:\Windows\System\zqZhHsf.exe
  C:\Windows\System\zqZhHsf.exe
  2⤵
  PID:5608
- C:\Windows\System\jIUnVkI.exe
  C:\Windows\System\jIUnVkI.exe
  2⤵
  PID:5632
- C:\Windows\System\VDcVFFF.exe
  C:\Windows\System\VDcVFFF.exe
  2⤵
  PID:5672
- C:\Windows\System\KhNgifu.exe
  C:\Windows\System\KhNgifu.exe
  2⤵
  PID:5692
- C:\Windows\System\VOhEJcP.exe
  C:\Windows\System\VOhEJcP.exe
  2⤵
  PID:5736
- C:\Windows\System\ePVWZYC.exe
  C:\Windows\System\ePVWZYC.exe
  2⤵
  PID:5768
- C:\Windows\System\tPNCyJT.exe
  C:\Windows\System\tPNCyJT.exe
  2⤵
  PID:5808
- C:\Windows\System\zHTGaAw.exe
  C:\Windows\System\zHTGaAw.exe
  2⤵
  PID:5812
- C:\Windows\System\uQgYUxU.exe
  C:\Windows\System\uQgYUxU.exe
  2⤵
  PID:5876
- C:\Windows\System\NjoqhTL.exe
  C:\Windows\System\NjoqhTL.exe
  2⤵
  PID:5916
- C:\Windows\System\JuAwtLu.exe
  C:\Windows\System\JuAwtLu.exe
  2⤵
  PID:5928
- C:\Windows\System\AcKLLbZ.exe
  C:\Windows\System\AcKLLbZ.exe
  2⤵
  PID:5968
- C:\Windows\System\QpAFZbZ.exe
  C:\Windows\System\QpAFZbZ.exe
  2⤵
  PID:6024
- C:\Windows\System\FjyOPgg.exe
  C:\Windows\System\FjyOPgg.exe
  2⤵
  PID:6032
- C:\Windows\System\oKBFCYt.exe
  C:\Windows\System\oKBFCYt.exe
  2⤵
  PID:6052
- C:\Windows\System\assTEgc.exe
  C:\Windows\System\assTEgc.exe
  2⤵
  PID:6096
- C:\Windows\System\HvFydJO.exe
  C:\Windows\System\HvFydJO.exe
  2⤵
  PID:6128
- C:\Windows\System\FaYtogD.exe
  C:\Windows\System\FaYtogD.exe
  2⤵
  PID:5040
- C:\Windows\System\hYmKGIb.exe
  C:\Windows\System\hYmKGIb.exe
  2⤵
  PID:3656
- C:\Windows\System\lxsrdOp.exe
  C:\Windows\System\lxsrdOp.exe
  2⤵
  PID:4132
- C:\Windows\System\MqFdDtv.exe
  C:\Windows\System\MqFdDtv.exe
  2⤵
  PID:4308
- C:\Windows\System\bPkqXqB.exe
  C:\Windows\System\bPkqXqB.exe
  2⤵
  PID:4328
- C:\Windows\System\ApvRIsL.exe
  C:\Windows\System\ApvRIsL.exe
  2⤵
  PID:5136
- C:\Windows\System\RpJVsrT.exe
  C:\Windows\System\RpJVsrT.exe
  2⤵
  PID:5208
- C:\Windows\System\DRiQiHK.exe
  C:\Windows\System\DRiQiHK.exe
  2⤵
  PID:5280
- C:\Windows\System\efbWRCs.exe
  C:\Windows\System\efbWRCs.exe
  2⤵
  PID:5328
- C:\Windows\System\kQIOqNz.exe
  C:\Windows\System\kQIOqNz.exe
  2⤵
  PID:5392
- C:\Windows\System\aOAVive.exe
  C:\Windows\System\aOAVive.exe
  2⤵
  PID:5436
- C:\Windows\System\sOzgGOn.exe
  C:\Windows\System\sOzgGOn.exe
  2⤵
  PID:5452
- C:\Windows\System\PFccBDl.exe
  C:\Windows\System\PFccBDl.exe
  2⤵
  PID:5592
- C:\Windows\System\ukqwQva.exe
  C:\Windows\System\ukqwQva.exe
  2⤵
  PID:5628
- C:\Windows\System\iBqRdBl.exe
  C:\Windows\System\iBqRdBl.exe
  2⤵
  PID:5656
- C:\Windows\System\LGYWBwL.exe
  C:\Windows\System\LGYWBwL.exe
  2⤵
  PID:5728
- C:\Windows\System\eMBBrfT.exe
  C:\Windows\System\eMBBrfT.exe
  2⤵
  PID:5752
- C:\Windows\System\ALWKGcM.exe
  C:\Windows\System\ALWKGcM.exe
  2⤵
  PID:5848
- C:\Windows\System\SnxALgO.exe
  C:\Windows\System\SnxALgO.exe
  2⤵
  PID:1628
- C:\Windows\System\sGzToGd.exe
  C:\Windows\System\sGzToGd.exe
  2⤵
  PID:5948
- C:\Windows\System\UygCoTK.exe
  C:\Windows\System\UygCoTK.exe
  2⤵
  PID:5972
- C:\Windows\System\BxLUdeD.exe
  C:\Windows\System\BxLUdeD.exe
  2⤵
  PID:6056
- C:\Windows\System\NlZlvbt.exe
  C:\Windows\System\NlZlvbt.exe
  2⤵
  PID:4968
- C:\Windows\System\pGDlfJI.exe
  C:\Windows\System\pGDlfJI.exe
  2⤵
  PID:6132
- C:\Windows\System\QjoGCJk.exe
  C:\Windows\System\QjoGCJk.exe
  2⤵
  PID:4160
- C:\Windows\System\TGaZyWC.exe
  C:\Windows\System\TGaZyWC.exe
  2⤵
  PID:4500
- C:\Windows\System\pEFBoko.exe
  C:\Windows\System\pEFBoko.exe
  2⤵
  PID:5168
- C:\Windows\System\CUMzslb.exe
  C:\Windows\System\CUMzslb.exe
  2⤵
  PID:5212
- C:\Windows\System\wQjKdrz.exe
  C:\Windows\System\wQjKdrz.exe
  2⤵
  PID:5292
- C:\Windows\System\UMpsokD.exe
  C:\Windows\System\UMpsokD.exe
  2⤵
  PID:5352
- C:\Windows\System\nqLTywB.exe
  C:\Windows\System\nqLTywB.exe
  2⤵
  PID:5548
- C:\Windows\System\nvXGpxp.exe
  C:\Windows\System\nvXGpxp.exe
  2⤵
  PID:5596
- C:\Windows\System\viSILWP.exe
  C:\Windows\System\viSILWP.exe
  2⤵
  PID:5612
- C:\Windows\System\wgVhOQz.exe
  C:\Windows\System\wgVhOQz.exe
  2⤵
  PID:5796
- C:\Windows\System\VjOLcIZ.exe
  C:\Windows\System\VjOLcIZ.exe
  2⤵
  PID:6160
- C:\Windows\System\bBbasMW.exe
  C:\Windows\System\bBbasMW.exe
  2⤵
  PID:6180
- C:\Windows\System\cCspcRy.exe
  C:\Windows\System\cCspcRy.exe
  2⤵
  PID:6200
- C:\Windows\System\rZbtYxB.exe
  C:\Windows\System\rZbtYxB.exe
  2⤵
  PID:6220
- C:\Windows\System\FHdjWsM.exe
  C:\Windows\System\FHdjWsM.exe
  2⤵
  PID:6240
- C:\Windows\System\PZRntOR.exe
  C:\Windows\System\PZRntOR.exe
  2⤵
  PID:6260
- C:\Windows\System\rNnRKPx.exe
  C:\Windows\System\rNnRKPx.exe
  2⤵
  PID:6280
- C:\Windows\System\NNDnUaA.exe
  C:\Windows\System\NNDnUaA.exe
  2⤵
  PID:6300
- C:\Windows\System\hfNEHuD.exe
  C:\Windows\System\hfNEHuD.exe
  2⤵
  PID:6320
- C:\Windows\System\VlXkCGV.exe
  C:\Windows\System\VlXkCGV.exe
  2⤵
  PID:6340
- C:\Windows\System\oPSbuXC.exe
  C:\Windows\System\oPSbuXC.exe
  2⤵
  PID:6360
- C:\Windows\System\LfqJpKc.exe
  C:\Windows\System\LfqJpKc.exe
  2⤵
  PID:6380
- C:\Windows\System\PmNGFZq.exe
  C:\Windows\System\PmNGFZq.exe
  2⤵
  PID:6400
- C:\Windows\System\caCSYWa.exe
  C:\Windows\System\caCSYWa.exe
  2⤵
  PID:6420
- C:\Windows\System\toEBxdL.exe
  C:\Windows\System\toEBxdL.exe
  2⤵
  PID:6440
- C:\Windows\System\TyxvzYv.exe
  C:\Windows\System\TyxvzYv.exe
  2⤵
  PID:6460
- C:\Windows\System\rDcmEYF.exe
  C:\Windows\System\rDcmEYF.exe
  2⤵
  PID:6480
- C:\Windows\System\AWfMFPu.exe
  C:\Windows\System\AWfMFPu.exe
  2⤵
  PID:6500
- C:\Windows\System\wqTDWnl.exe
  C:\Windows\System\wqTDWnl.exe
  2⤵
  PID:6520
- C:\Windows\System\nOIxCdC.exe
  C:\Windows\System\nOIxCdC.exe
  2⤵
  PID:6540
- C:\Windows\System\lnGOvWf.exe
  C:\Windows\System\lnGOvWf.exe
  2⤵
  PID:6560
- C:\Windows\System\LMOWukc.exe
  C:\Windows\System\LMOWukc.exe
  2⤵
  PID:6580
- C:\Windows\System\hDLCedN.exe
  C:\Windows\System\hDLCedN.exe
  2⤵
  PID:6600
- C:\Windows\System\nwUMaJv.exe
  C:\Windows\System\nwUMaJv.exe
  2⤵
  PID:6620
- C:\Windows\System\kyrWTmc.exe
  C:\Windows\System\kyrWTmc.exe
  2⤵
  PID:6640
- C:\Windows\System\FsImifm.exe
  C:\Windows\System\FsImifm.exe
  2⤵
  PID:6660
- C:\Windows\System\xNyjgpx.exe
  C:\Windows\System\xNyjgpx.exe
  2⤵
  PID:6680
- C:\Windows\System\VEXyDdX.exe
  C:\Windows\System\VEXyDdX.exe
  2⤵
  PID:6700
- C:\Windows\System\snqWoVe.exe
  C:\Windows\System\snqWoVe.exe
  2⤵
  PID:6720
- C:\Windows\System\qbuadVV.exe
  C:\Windows\System\qbuadVV.exe
  2⤵
  PID:6740
- C:\Windows\System\qdnrLAX.exe
  C:\Windows\System\qdnrLAX.exe
  2⤵
  PID:6760
- C:\Windows\System\xMOZbjx.exe
  C:\Windows\System\xMOZbjx.exe
  2⤵
  PID:6780
- C:\Windows\System\ERZTSEV.exe
  C:\Windows\System\ERZTSEV.exe
  2⤵
  PID:6800
- C:\Windows\System\xfCDhlO.exe
  C:\Windows\System\xfCDhlO.exe
  2⤵
  PID:6820
- C:\Windows\System\aaRApNk.exe
  C:\Windows\System\aaRApNk.exe
  2⤵
  PID:6840
- C:\Windows\System\HhAqRAR.exe
  C:\Windows\System\HhAqRAR.exe
  2⤵
  PID:6860
- C:\Windows\System\WgAQBmP.exe
  C:\Windows\System\WgAQBmP.exe
  2⤵
  PID:6880
- C:\Windows\System\wyxsVRX.exe
  C:\Windows\System\wyxsVRX.exe
  2⤵
  PID:6900
- C:\Windows\System\kWVaYih.exe
  C:\Windows\System\kWVaYih.exe
  2⤵
  PID:6920
- C:\Windows\System\XWTbUWw.exe
  C:\Windows\System\XWTbUWw.exe
  2⤵
  PID:6940
- C:\Windows\System\osmtUYK.exe
  C:\Windows\System\osmtUYK.exe
  2⤵
  PID:6960
- C:\Windows\System\pgjXvzJ.exe
  C:\Windows\System\pgjXvzJ.exe
  2⤵
  PID:6980
- C:\Windows\System\EvBcTtg.exe
  C:\Windows\System\EvBcTtg.exe
  2⤵
  PID:7000
- C:\Windows\System\eLlidvm.exe
  C:\Windows\System\eLlidvm.exe
  2⤵
  PID:7020
- C:\Windows\System\kMNUyZl.exe
  C:\Windows\System\kMNUyZl.exe
  2⤵
  PID:7040
- C:\Windows\System\ngnFZlp.exe
  C:\Windows\System\ngnFZlp.exe
  2⤵
  PID:7060
- C:\Windows\System\PBTSPHc.exe
  C:\Windows\System\PBTSPHc.exe
  2⤵
  PID:7080
- C:\Windows\System\cnUxzVH.exe
  C:\Windows\System\cnUxzVH.exe
  2⤵
  PID:7100
- C:\Windows\System\AoMirmX.exe
  C:\Windows\System\AoMirmX.exe
  2⤵
  PID:7120
- C:\Windows\System\xXqtzHC.exe
  C:\Windows\System\xXqtzHC.exe
  2⤵
  PID:7140
- C:\Windows\System\WIyeGvt.exe
  C:\Windows\System\WIyeGvt.exe
  2⤵
  PID:7160
- C:\Windows\System\eRDSBZh.exe
  C:\Windows\System\eRDSBZh.exe
  2⤵
  PID:5896
- C:\Windows\System\fIClygw.exe
  C:\Windows\System\fIClygw.exe
  2⤵
  PID:5992
- C:\Windows\System\kGockGp.exe
  C:\Windows\System\kGockGp.exe
  2⤵
  PID:6012
- C:\Windows\System\tzGnBET.exe
  C:\Windows\System\tzGnBET.exe
  2⤵
  PID:6108
- C:\Windows\System\BThFURI.exe
  C:\Windows\System\BThFURI.exe
  2⤵
  PID:5004
- C:\Windows\System\QHJDYdC.exe
  C:\Windows\System\QHJDYdC.exe
  2⤵
  PID:5160
- C:\Windows\System\TGHiyBI.exe
  C:\Windows\System\TGHiyBI.exe
  2⤵
  PID:5172
- C:\Windows\System\HnIIVyq.exe
  C:\Windows\System\HnIIVyq.exe
  2⤵
  PID:5372
- C:\Windows\System\KKLbbiO.exe
  C:\Windows\System\KKLbbiO.exe
  2⤵
  PID:5572
- C:\Windows\System\TCFQZgN.exe
  C:\Windows\System\TCFQZgN.exe
  2⤵
  PID:5756
- C:\Windows\System\CRultRP.exe
  C:\Windows\System\CRultRP.exe
  2⤵
  PID:6176
- C:\Windows\System\GwDtusR.exe
  C:\Windows\System\GwDtusR.exe
  2⤵
  PID:6196
- C:\Windows\System\edqeZVj.exe
  C:\Windows\System\edqeZVj.exe
  2⤵
  PID:6248
- C:\Windows\System\lvwwnHd.exe
  C:\Windows\System\lvwwnHd.exe
  2⤵
  PID:6268
- C:\Windows\System\KvieGyT.exe
  C:\Windows\System\KvieGyT.exe
  2⤵
  PID:6292
- C:\Windows\System\PloaXLr.exe
  C:\Windows\System\PloaXLr.exe
  2⤵
  PID:6336
- C:\Windows\System\pPGlGwG.exe
  C:\Windows\System\pPGlGwG.exe
  2⤵
  PID:6352
- C:\Windows\System\uwLVAOw.exe
  C:\Windows\System\uwLVAOw.exe
  2⤵
  PID:6396
- C:\Windows\System\VivjuWc.exe
  C:\Windows\System\VivjuWc.exe
  2⤵
  PID:6428
- C:\Windows\System\msMtrZc.exe
  C:\Windows\System\msMtrZc.exe
  2⤵
  PID:6468
- C:\Windows\System\oHoQAUw.exe
  C:\Windows\System\oHoQAUw.exe
  2⤵
  PID:6472
- C:\Windows\System\WaQjSGG.exe
  C:\Windows\System\WaQjSGG.exe
  2⤵
  PID:6536
- C:\Windows\System\liCmQLX.exe
  C:\Windows\System\liCmQLX.exe
  2⤵
  PID:6568
- C:\Windows\System\HKhsDUb.exe
  C:\Windows\System\HKhsDUb.exe
  2⤵
  PID:6608
- C:\Windows\System\ozJsgXM.exe
  C:\Windows\System\ozJsgXM.exe
  2⤵
  PID:6612
- C:\Windows\System\nmtXsXA.exe
  C:\Windows\System\nmtXsXA.exe
  2⤵
  PID:2396
- C:\Windows\System\IObzRqH.exe
  C:\Windows\System\IObzRqH.exe
  2⤵
  PID:6672
- C:\Windows\System\xwnohIr.exe
  C:\Windows\System\xwnohIr.exe
  2⤵
  PID:2408
- C:\Windows\System\VrzDPWV.exe
  C:\Windows\System\VrzDPWV.exe
  2⤵
  PID:6768
- C:\Windows\System\SEyAobT.exe
  C:\Windows\System\SEyAobT.exe
  2⤵
  PID:6788
- C:\Windows\System\zEvIHTJ.exe
  C:\Windows\System\zEvIHTJ.exe
  2⤵
  PID:6792
- C:\Windows\System\arPfMDI.exe
  C:\Windows\System\arPfMDI.exe
  2⤵
  PID:6856
- C:\Windows\System\DUSeamz.exe
  C:\Windows\System\DUSeamz.exe
  2⤵
  PID:6892
- C:\Windows\System\bGCefvp.exe
  C:\Windows\System\bGCefvp.exe
  2⤵
  PID:6908
- C:\Windows\System\vcvKeSe.exe
  C:\Windows\System\vcvKeSe.exe
  2⤵
  PID:6912
- C:\Windows\System\gPVwjul.exe
  C:\Windows\System\gPVwjul.exe
  2⤵
  PID:2500
- C:\Windows\System\dEhfhUM.exe
  C:\Windows\System\dEhfhUM.exe
  2⤵
  PID:6996
- C:\Windows\System\mQRfDeZ.exe
  C:\Windows\System\mQRfDeZ.exe
  2⤵
  PID:7028
- C:\Windows\System\LSpZlrD.exe
  C:\Windows\System\LSpZlrD.exe
  2⤵
  PID:7068
- C:\Windows\System\nBUucuy.exe
  C:\Windows\System\nBUucuy.exe
  2⤵
  PID:7128
- C:\Windows\System\QHpFogw.exe
  C:\Windows\System\QHpFogw.exe
  2⤵
  PID:5772
- C:\Windows\System\ekBBOHQ.exe
  C:\Windows\System\ekBBOHQ.exe
  2⤵
  PID:7148
- C:\Windows\System\pcKsRYC.exe
  C:\Windows\System\pcKsRYC.exe
  2⤵
  PID:5952
- C:\Windows\System\dhSLjCr.exe
  C:\Windows\System\dhSLjCr.exe
  2⤵
  PID:2924
- C:\Windows\System\VXgkWqz.exe
  C:\Windows\System\VXgkWqz.exe
  2⤵
  PID:5216
- C:\Windows\System\FWWJLhN.exe
  C:\Windows\System\FWWJLhN.exe
  2⤵
  PID:4576
- C:\Windows\System\bmCYzkB.exe
  C:\Windows\System\bmCYzkB.exe
  2⤵
  PID:6168
- C:\Windows\System\xXYNmoh.exe
  C:\Windows\System\xXYNmoh.exe
  2⤵
  PID:6156
- C:\Windows\System\AGoBTKQ.exe
  C:\Windows\System\AGoBTKQ.exe
  2⤵
  PID:6288
- C:\Windows\System\TUUfIYr.exe
  C:\Windows\System\TUUfIYr.exe
  2⤵
  PID:5712
- C:\Windows\System\bvrcpqq.exe
  C:\Windows\System\bvrcpqq.exe
  2⤵
  PID:6356
- C:\Windows\System\gdGHfcZ.exe
  C:\Windows\System\gdGHfcZ.exe
  2⤵
  PID:6416
- C:\Windows\System\OnqQUsn.exe
  C:\Windows\System\OnqQUsn.exe
  2⤵
  PID:2884
- C:\Windows\System\JermbEz.exe
  C:\Windows\System\JermbEz.exe
  2⤵
  PID:6496
- C:\Windows\System\WoJdSZT.exe
  C:\Windows\System\WoJdSZT.exe
  2⤵
  PID:6532
- C:\Windows\System\aHAEXga.exe
  C:\Windows\System\aHAEXga.exe
  2⤵
  PID:6592
- C:\Windows\System\VHoufCs.exe
  C:\Windows\System\VHoufCs.exe
  2⤵
  PID:6688
- C:\Windows\System\HcOnhAt.exe
  C:\Windows\System\HcOnhAt.exe
  2⤵
  PID:2472
- C:\Windows\System\iHuJvgg.exe
  C:\Windows\System\iHuJvgg.exe
  2⤵
  PID:6712
- C:\Windows\System\XLPosdE.exe
  C:\Windows\System\XLPosdE.exe
  2⤵
  PID:6752
- C:\Windows\System\VhfXXJL.exe
  C:\Windows\System\VhfXXJL.exe
  2⤵
  PID:6772
- C:\Windows\System\JupptCx.exe
  C:\Windows\System\JupptCx.exe
  2⤵
  PID:6896
- C:\Windows\System\mSTnNZz.exe
  C:\Windows\System\mSTnNZz.exe
  2⤵
  PID:6872
- C:\Windows\System\VfhZWzj.exe
  C:\Windows\System\VfhZWzj.exe
  2⤵
  PID:6976
- C:\Windows\System\OSYpStJ.exe
  C:\Windows\System\OSYpStJ.exe
  2⤵
  PID:6988
- C:\Windows\System\hFxAfFr.exe
  C:\Windows\System\hFxAfFr.exe
  2⤵
  PID:7032
- C:\Windows\System\BKqsmEn.exe
  C:\Windows\System\BKqsmEn.exe
  2⤵
  PID:7052
- C:\Windows\System\JHIRRSg.exe
  C:\Windows\System\JHIRRSg.exe
  2⤵
  PID:7096
- C:\Windows\System\YaFsUcc.exe
  C:\Windows\System\YaFsUcc.exe
  2⤵
  PID:5888
- C:\Windows\System\uHYWgNa.exe
  C:\Windows\System\uHYWgNa.exe
  2⤵
  PID:5908
- C:\Windows\System\CXjdzdd.exe
  C:\Windows\System\CXjdzdd.exe
  2⤵
  PID:6112
- C:\Windows\System\nQeVskA.exe
  C:\Windows\System\nQeVskA.exe
  2⤵
  PID:5496
- C:\Windows\System\qNZCTmb.exe
  C:\Windows\System\qNZCTmb.exe
  2⤵
  PID:6228
- C:\Windows\System\kAyZfbM.exe
  C:\Windows\System\kAyZfbM.exe
  2⤵
  PID:6348
- C:\Windows\System\DHwdBDn.exe
  C:\Windows\System\DHwdBDn.exe
  2⤵
  PID:5696
- C:\Windows\System\JiwUixB.exe
  C:\Windows\System\JiwUixB.exe
  2⤵
  PID:6312
- C:\Windows\System\RBpigdy.exe
  C:\Windows\System\RBpigdy.exe
  2⤵
  PID:6492
- C:\Windows\System\EwsyaNC.exe
  C:\Windows\System\EwsyaNC.exe
  2⤵
  PID:6528
- C:\Windows\System\eUalLjU.exe
  C:\Windows\System\eUalLjU.exe
  2⤵
  PID:6616
- C:\Windows\System\EFZzxqF.exe
  C:\Windows\System\EFZzxqF.exe
  2⤵
  PID:6552
- C:\Windows\System\iGAyQZs.exe
  C:\Windows\System\iGAyQZs.exe
  2⤵
  PID:6632
- C:\Windows\System\YkLjdkb.exe
  C:\Windows\System\YkLjdkb.exe
  2⤵
  PID:6708
- C:\Windows\System\qPtskHk.exe
  C:\Windows\System\qPtskHk.exe
  2⤵
  PID:2008
- C:\Windows\System\AsdjtgI.exe
  C:\Windows\System\AsdjtgI.exe
  2⤵
  PID:6888
- C:\Windows\System\geaAhqo.exe
  C:\Windows\System\geaAhqo.exe
  2⤵
  PID:7016
- C:\Windows\System\LqTPlAu.exe
  C:\Windows\System\LqTPlAu.exe
  2⤵
  PID:2328
- C:\Windows\System\XFKgdEB.exe
  C:\Windows\System\XFKgdEB.exe
  2⤵
  PID:7152
- C:\Windows\System\fDUtXVT.exe
  C:\Windows\System\fDUtXVT.exe
  2⤵
  PID:7112
- C:\Windows\System\cjrZgLD.exe
  C:\Windows\System\cjrZgLD.exe
  2⤵
  PID:4024
- C:\Windows\System\MUKzalt.exe
  C:\Windows\System\MUKzalt.exe
  2⤵
  PID:5348
- C:\Windows\System\SmjaHMt.exe
  C:\Windows\System\SmjaHMt.exe
  2⤵
  PID:2812
- C:\Windows\System\QoJJCSh.exe
  C:\Windows\System\QoJJCSh.exe
  2⤵
  PID:6316
- C:\Windows\System\UiLquNS.exe
  C:\Windows\System\UiLquNS.exe
  2⤵
  PID:6652
- C:\Windows\System\xGDkrdK.exe
  C:\Windows\System\xGDkrdK.exe
  2⤵
  PID:6252
- C:\Windows\System\rAUOxmI.exe
  C:\Windows\System\rAUOxmI.exe
  2⤵
  PID:6576
- C:\Windows\System\xKZiaXu.exe
  C:\Windows\System\xKZiaXu.exe
  2⤵
  PID:1988
- C:\Windows\System\iLwnkyu.exe
  C:\Windows\System\iLwnkyu.exe
  2⤵
  PID:2748
- C:\Windows\System\xuUsdAI.exe
  C:\Windows\System\xuUsdAI.exe
  2⤵
  PID:2612
- C:\Windows\System\pBkuCVB.exe
  C:\Windows\System\pBkuCVB.exe
  2⤵
  PID:6812
- C:\Windows\System\RDXTBVr.exe
  C:\Windows\System\RDXTBVr.exe
  2⤵
  PID:1960
- C:\Windows\System\dmomOLQ.exe
  C:\Windows\System\dmomOLQ.exe
  2⤵
  PID:2732
- C:\Windows\System\LtdhTVv.exe
  C:\Windows\System\LtdhTVv.exe
  2⤵
  PID:6956
- C:\Windows\System\qhYvgkv.exe
  C:\Windows\System\qhYvgkv.exe
  2⤵
  PID:7088
- C:\Windows\System\hgDFTOq.exe
  C:\Windows\System\hgDFTOq.exe
  2⤵
  PID:6936
- C:\Windows\System\dxyRqlK.exe
  C:\Windows\System\dxyRqlK.exe
  2⤵
  PID:5856
- C:\Windows\System\JPSvbZK.exe
  C:\Windows\System\JPSvbZK.exe
  2⤵
  PID:1084
- C:\Windows\System\qMvbCxJ.exe
  C:\Windows\System\qMvbCxJ.exe
  2⤵
  PID:7076
- C:\Windows\System\qllYnSS.exe
  C:\Windows\System\qllYnSS.exe
  2⤵
  PID:2908
- C:\Windows\System\SMjNnAc.exe
  C:\Windows\System\SMjNnAc.exe
  2⤵
  PID:2996
- C:\Windows\System\pCjoBjM.exe
  C:\Windows\System\pCjoBjM.exe
  2⤵
  PID:6668
- C:\Windows\System\NoXNvQE.exe
  C:\Windows\System\NoXNvQE.exe
  2⤵
  PID:6388
- C:\Windows\System\eHQMlHv.exe
  C:\Windows\System\eHQMlHv.exe
  2⤵
  PID:2356
- C:\Windows\System\bSsVNPZ.exe
  C:\Windows\System\bSsVNPZ.exe
  2⤵
  PID:1324
- C:\Windows\System\NDLACSG.exe
  C:\Windows\System\NDLACSG.exe
  2⤵
  PID:6928
- C:\Windows\System\twJqVRb.exe
  C:\Windows\System\twJqVRb.exe
  2⤵
  PID:2112
- C:\Windows\System\ngjFjFm.exe
  C:\Windows\System\ngjFjFm.exe
  2⤵
  PID:5532
- C:\Windows\System\mywXzWD.exe
  C:\Windows\System\mywXzWD.exe
  2⤵
  PID:2180
- C:\Windows\System\AoUgLBG.exe
  C:\Windows\System\AoUgLBG.exe
  2⤵
  PID:828
- C:\Windows\System\wqJicyA.exe
  C:\Windows\System\wqJicyA.exe
  2⤵
  PID:6836
- C:\Windows\System\oFhWnDs.exe
  C:\Windows\System\oFhWnDs.exe
  2⤵
  PID:2316
- C:\Windows\System\KPeTFXj.exe
  C:\Windows\System\KPeTFXj.exe
  2⤵
  PID:2824
- C:\Windows\System\iTEEqgQ.exe
  C:\Windows\System\iTEEqgQ.exe
  2⤵
  PID:5396
- C:\Windows\System\sFsGtOl.exe
  C:\Windows\System\sFsGtOl.exe
  2⤵
  PID:304
- C:\Windows\System\VdQPFqs.exe
  C:\Windows\System\VdQPFqs.exe
  2⤵
  PID:1556
- C:\Windows\System\aaUYham.exe
  C:\Windows\System\aaUYham.exe
  2⤵
  PID:1548
- C:\Windows\System\FAbtHkt.exe
  C:\Windows\System\FAbtHkt.exe
  2⤵
  PID:5832
- C:\Windows\System\YTZfmzI.exe
  C:\Windows\System\YTZfmzI.exe
  2⤵
  PID:7188
- C:\Windows\System\IVJgBzt.exe
  C:\Windows\System\IVJgBzt.exe
  2⤵
  PID:7204
- C:\Windows\System\UWIBYQa.exe
  C:\Windows\System\UWIBYQa.exe
  2⤵
  PID:7224
- C:\Windows\System\EwOSmzh.exe
  C:\Windows\System\EwOSmzh.exe
  2⤵
  PID:7244
- C:\Windows\System\lDWJhoA.exe
  C:\Windows\System\lDWJhoA.exe
  2⤵
  PID:7260
- C:\Windows\System\YLWdlmK.exe
  C:\Windows\System\YLWdlmK.exe
  2⤵
  PID:7280
- C:\Windows\System\fYvajfp.exe
  C:\Windows\System\fYvajfp.exe
  2⤵
  PID:7300
- C:\Windows\System\OHqTFDv.exe
  C:\Windows\System\OHqTFDv.exe
  2⤵
  PID:7316
- C:\Windows\System\BdBPHWt.exe
  C:\Windows\System\BdBPHWt.exe
  2⤵
  PID:7360
- C:\Windows\System\jkqOGHi.exe
  C:\Windows\System\jkqOGHi.exe
  2⤵
  PID:7376
- C:\Windows\System\pciSDFq.exe
  C:\Windows\System\pciSDFq.exe
  2⤵
  PID:7408
- C:\Windows\System\VwLMLDo.exe
  C:\Windows\System\VwLMLDo.exe
  2⤵
  PID:7424
- C:\Windows\System\QySWirg.exe
  C:\Windows\System\QySWirg.exe
  2⤵
  PID:7444
- C:\Windows\System\hsojucu.exe
  C:\Windows\System\hsojucu.exe
  2⤵
  PID:7460
- C:\Windows\System\MzdBBSh.exe
  C:\Windows\System\MzdBBSh.exe
  2⤵
  PID:7480
- C:\Windows\System\FdVyKZl.exe
  C:\Windows\System\FdVyKZl.exe
  2⤵
  PID:7496
- C:\Windows\System\WeYLSVR.exe
  C:\Windows\System\WeYLSVR.exe
  2⤵
  PID:7520
- C:\Windows\System\EEQyFiu.exe
  C:\Windows\System\EEQyFiu.exe
  2⤵
  PID:7536
- C:\Windows\System\VQekHQc.exe
  C:\Windows\System\VQekHQc.exe
  2⤵
  PID:7560
- C:\Windows\System\KCEQcvX.exe
  C:\Windows\System\KCEQcvX.exe
  2⤵
  PID:7584
- C:\Windows\System\dUTHnjF.exe
  C:\Windows\System\dUTHnjF.exe
  2⤵
  PID:7600
- C:\Windows\System\QDeOrWe.exe
  C:\Windows\System\QDeOrWe.exe
  2⤵
  PID:7616
- C:\Windows\System\ZkSnCIr.exe
  C:\Windows\System\ZkSnCIr.exe
  2⤵
  PID:7632
- C:\Windows\System\xKBHJdr.exe
  C:\Windows\System\xKBHJdr.exe
  2⤵
  PID:7652
- C:\Windows\System\NiFMQuq.exe
  C:\Windows\System\NiFMQuq.exe
  2⤵
  PID:7672
- C:\Windows\System\kyOBmaj.exe
  C:\Windows\System\kyOBmaj.exe
  2⤵
  PID:7688
- C:\Windows\System\fjVStVn.exe
  C:\Windows\System\fjVStVn.exe
  2⤵
  PID:7708
- C:\Windows\System\SjFOXiO.exe
  C:\Windows\System\SjFOXiO.exe
  2⤵
  PID:7752
- C:\Windows\System\nrXlVdJ.exe
  C:\Windows\System\nrXlVdJ.exe
  2⤵
  PID:7772
- C:\Windows\System\BoAvcNR.exe
  C:\Windows\System\BoAvcNR.exe
  2⤵
  PID:7792
- C:\Windows\System\nTtxYEn.exe
  C:\Windows\System\nTtxYEn.exe
  2⤵
  PID:7808
- C:\Windows\System\ykkpAQe.exe
  C:\Windows\System\ykkpAQe.exe
  2⤵
  PID:7828
- C:\Windows\System\fCwcJqT.exe
  C:\Windows\System\fCwcJqT.exe
  2⤵
  PID:7852
- C:\Windows\System\FHVQqDY.exe
  C:\Windows\System\FHVQqDY.exe
  2⤵
  PID:7868
- C:\Windows\System\MFCGGwW.exe
  C:\Windows\System\MFCGGwW.exe
  2⤵
  PID:7888
- C:\Windows\System\tMLqOiy.exe
  C:\Windows\System\tMLqOiy.exe
  2⤵
  PID:7908
- C:\Windows\System\elFUCPa.exe
  C:\Windows\System\elFUCPa.exe
  2⤵
  PID:7924
- C:\Windows\System\hLJrcaW.exe
  C:\Windows\System\hLJrcaW.exe
  2⤵
  PID:7960
- C:\Windows\System\EDJYSSZ.exe
  C:\Windows\System\EDJYSSZ.exe
  2⤵
  PID:7976
- C:\Windows\System\vryUFSv.exe
  C:\Windows\System\vryUFSv.exe
  2⤵
  PID:8004
- C:\Windows\System\pbVJhQz.exe
  C:\Windows\System\pbVJhQz.exe
  2⤵
  PID:8024
- C:\Windows\System\HAAPIfS.exe
  C:\Windows\System\HAAPIfS.exe
  2⤵
  PID:8040
- C:\Windows\System\ykLGphZ.exe
  C:\Windows\System\ykLGphZ.exe
  2⤵
  PID:8060
- C:\Windows\System\FUdQOCb.exe
  C:\Windows\System\FUdQOCb.exe
  2⤵
  PID:8080
- C:\Windows\System\BxyHPwt.exe
  C:\Windows\System\BxyHPwt.exe
  2⤵
  PID:8100
- C:\Windows\System\SxLeoQe.exe
  C:\Windows\System\SxLeoQe.exe
  2⤵
  PID:8116
- C:\Windows\System\DDIRbbF.exe
  C:\Windows\System\DDIRbbF.exe
  2⤵
  PID:8132
- C:\Windows\System\TLzQjkI.exe
  C:\Windows\System\TLzQjkI.exe
  2⤵
  PID:8148
- C:\Windows\System\nnZUBUu.exe
  C:\Windows\System\nnZUBUu.exe
  2⤵
  PID:8168
- C:\Windows\System\XEGXOSw.exe
  C:\Windows\System\XEGXOSw.exe
  2⤵
  PID:8188
- C:\Windows\System\OHkhcFY.exe
  C:\Windows\System\OHkhcFY.exe
  2⤵
  PID:4744
- C:\Windows\System\XQLhbFZ.exe
  C:\Windows\System\XQLhbFZ.exe
  2⤵
  PID:2624
- C:\Windows\System\SWPNOeN.exe
  C:\Windows\System\SWPNOeN.exe
  2⤵
  PID:7180
- C:\Windows\System\lsTtcPk.exe
  C:\Windows\System\lsTtcPk.exe
  2⤵
  PID:7256
- C:\Windows\System\jKPixse.exe
  C:\Windows\System\jKPixse.exe
  2⤵
  PID:7272
- C:\Windows\System\WmEMssS.exe
  C:\Windows\System\WmEMssS.exe
  2⤵
  PID:7324
- C:\Windows\System\iCmuBkZ.exe
  C:\Windows\System\iCmuBkZ.exe
  2⤵
  PID:7312
- C:\Windows\System\fpbbYKC.exe
  C:\Windows\System\fpbbYKC.exe
  2⤵
  PID:7348
- C:\Windows\System\ibgqUpc.exe
  C:\Windows\System\ibgqUpc.exe
  2⤵
  PID:7392
- C:\Windows\System\qIopSMX.exe
  C:\Windows\System\qIopSMX.exe
  2⤵
  PID:7388
- C:\Windows\System\coWEbls.exe
  C:\Windows\System\coWEbls.exe
  2⤵
  PID:7488
- C:\Windows\System\OcMHLMD.exe
  C:\Windows\System\OcMHLMD.exe
  2⤵
  PID:7532
- C:\Windows\System\bUmZenV.exe
  C:\Windows\System\bUmZenV.exe
  2⤵
  PID:7608
- C:\Windows\System\vpkWSEG.exe
  C:\Windows\System\vpkWSEG.exe
  2⤵
  PID:7432
- C:\Windows\System\jGtaZkA.exe
  C:\Windows\System\jGtaZkA.exe
  2⤵
  PID:7476
- C:\Windows\System\opjeqsX.exe
  C:\Windows\System\opjeqsX.exe
  2⤵
  PID:7716
- C:\Windows\System\tLnWilp.exe
  C:\Windows\System\tLnWilp.exe
  2⤵
  PID:7548
- C:\Windows\System\MBgkVRP.exe
  C:\Windows\System\MBgkVRP.exe
  2⤵
  PID:7628
- C:\Windows\System\DHLbsvp.exe
  C:\Windows\System\DHLbsvp.exe
  2⤵
  PID:7740
- C:\Windows\System\ZHDSOFa.exe
  C:\Windows\System\ZHDSOFa.exe
  2⤵
  PID:7736
- C:\Windows\System\HnGzEqZ.exe
  C:\Windows\System\HnGzEqZ.exe
  2⤵
  PID:7764
- C:\Windows\System\pTBJOGq.exe
  C:\Windows\System\pTBJOGq.exe
  2⤵
  PID:7844
- C:\Windows\System\YGgMRiF.exe
  C:\Windows\System\YGgMRiF.exe
  2⤵
  PID:7920
- C:\Windows\System\gRktzek.exe
  C:\Windows\System\gRktzek.exe
  2⤵
  PID:7932
- C:\Windows\System\rbygYlf.exe
  C:\Windows\System\rbygYlf.exe
  2⤵
  PID:7860
- C:\Windows\System\MzPKuLb.exe
  C:\Windows\System\MzPKuLb.exe
  2⤵
  PID:8036
- C:\Windows\System\DMYpIFY.exe
  C:\Windows\System\DMYpIFY.exe
  2⤵
  PID:8072
- C:\Windows\System\Bykfrdt.exe
  C:\Windows\System\Bykfrdt.exe
  2⤵
  PID:8112
- C:\Windows\System\Ijnrcjs.exe
  C:\Windows\System\Ijnrcjs.exe
  2⤵
  PID:8176
- C:\Windows\System\pZRenLq.exe
  C:\Windows\System\pZRenLq.exe
  2⤵
  PID:6868
- C:\Windows\System\zDfckjd.exe
  C:\Windows\System\zDfckjd.exe
  2⤵
  PID:7232
- C:\Windows\System\pslAoRL.exe
  C:\Windows\System\pslAoRL.exe
  2⤵
  PID:7968
- C:\Windows\System\mPzoWNx.exe
  C:\Windows\System\mPzoWNx.exe
  2⤵
  PID:7172
- C:\Windows\System\henJmtF.exe
  C:\Windows\System\henJmtF.exe
  2⤵
  PID:8088
- C:\Windows\System\HNIuKeA.exe
  C:\Windows\System\HNIuKeA.exe
  2⤵
  PID:8160
- C:\Windows\System\rGimyBR.exe
  C:\Windows\System\rGimyBR.exe
  2⤵
  PID:7212
- C:\Windows\System\aYgBBfi.exe
  C:\Windows\System\aYgBBfi.exe
  2⤵
  PID:7328
- C:\Windows\System\bWwNuXv.exe
  C:\Windows\System\bWwNuXv.exe
  2⤵
  PID:7400
- C:\Windows\System\EJAsezD.exe
  C:\Windows\System\EJAsezD.exe
  2⤵
  PID:7308
- C:\Windows\System\tbdcrjK.exe
  C:\Windows\System\tbdcrjK.exe
  2⤵
  PID:7640
- C:\Windows\System\wTqlapB.exe
  C:\Windows\System\wTqlapB.exe
  2⤵
  PID:7684
- C:\Windows\System\AdWdjgX.exe
  C:\Windows\System\AdWdjgX.exe
  2⤵
  PID:7728
- C:\Windows\System\foPiUEP.exe
  C:\Windows\System\foPiUEP.exe
  2⤵
  PID:7696
- C:\Windows\System\BIptCTC.exe
  C:\Windows\System\BIptCTC.exe
  2⤵
  PID:7512
- C:\Windows\System\HzUngjs.exe
  C:\Windows\System\HzUngjs.exe
  2⤵
  PID:7732
- C:\Windows\System\ZlhSpVs.exe
  C:\Windows\System\ZlhSpVs.exe
  2⤵
  PID:7720
- C:\Windows\System\gmttziR.exe
  C:\Windows\System\gmttziR.exe
  2⤵
  PID:7784
- C:\Windows\System\GOCNtQO.exe
  C:\Windows\System\GOCNtQO.exe
  2⤵
  PID:8144
- C:\Windows\System\cQThccU.exe
  C:\Windows\System\cQThccU.exe
  2⤵
  PID:7200
- C:\Windows\System\dkNXivP.exe
  C:\Windows\System\dkNXivP.exe
  2⤵
  PID:8020
- C:\Windows\System\aBpvUWd.exe
  C:\Windows\System\aBpvUWd.exe
  2⤵
  PID:7184
- C:\Windows\System\ccKszlf.exe
  C:\Windows\System\ccKszlf.exe
  2⤵
  PID:7904
- C:\Windows\System\lFnRpuw.exe
  C:\Windows\System\lFnRpuw.exe
  2⤵
  PID:2244
- C:\Windows\System\ZaSYCtJ.exe
  C:\Windows\System\ZaSYCtJ.exe
  2⤵
  PID:7292
- C:\Windows\System\RfrVUpX.exe
  C:\Windows\System\RfrVUpX.exe
  2⤵
  PID:7508
- C:\Windows\System\XnuUoAV.exe
  C:\Windows\System\XnuUoAV.exe
  2⤵
  PID:7556
- C:\Windows\System\QbosNOK.exe
  C:\Windows\System\QbosNOK.exe
  2⤵
  PID:7648
- C:\Windows\System\tQFAVMk.exe
  C:\Windows\System\tQFAVMk.exe
  2⤵
  PID:7840
- C:\Windows\System\EtOMxpP.exe
  C:\Windows\System\EtOMxpP.exe
  2⤵
  PID:7984
- C:\Windows\System\ZqBplgQ.exe
  C:\Windows\System\ZqBplgQ.exe
  2⤵
  PID:7848
- C:\Windows\System\SYXhOKS.exe
  C:\Windows\System\SYXhOKS.exe
  2⤵
  PID:7916
- C:\Windows\System\pYPJqPh.exe
  C:\Windows\System\pYPJqPh.exe
  2⤵
  PID:8068
- C:\Windows\System\StGrDzE.exe
  C:\Windows\System\StGrDzE.exe
  2⤵
  PID:8184
- C:\Windows\System\EMFJXiM.exe
  C:\Windows\System\EMFJXiM.exe
  2⤵
  PID:2040
- C:\Windows\System\eYrDsRQ.exe
  C:\Windows\System\eYrDsRQ.exe
  2⤵
  PID:8052
- C:\Windows\System\qfIwOkr.exe
  C:\Windows\System\qfIwOkr.exe
  2⤵
  PID:7456
- C:\Windows\System\hncdTxh.exe
  C:\Windows\System\hncdTxh.exe
  2⤵
  PID:8032
- C:\Windows\System\WvvxNYh.exe
  C:\Windows\System\WvvxNYh.exe
  2⤵
  PID:7824
- C:\Windows\System\VBLfanp.exe
  C:\Windows\System\VBLfanp.exe
  2⤵
  PID:7572
- C:\Windows\System\jQgsJWo.exe
  C:\Windows\System\jQgsJWo.exe
  2⤵
  PID:7992
- C:\Windows\System\hsMmcRK.exe
  C:\Windows\System\hsMmcRK.exe
  2⤵
  PID:6732
- C:\Windows\System\KXrgFNL.exe
  C:\Windows\System\KXrgFNL.exe
  2⤵
  PID:7996
- C:\Windows\System\UTxxnGC.exe
  C:\Windows\System\UTxxnGC.exe
  2⤵
  PID:3020
- C:\Windows\System\LHiFFcC.exe
  C:\Windows\System\LHiFFcC.exe
  2⤵
  PID:7948
- C:\Windows\System\TirALTk.exe
  C:\Windows\System\TirALTk.exe
  2⤵
  PID:7944
- C:\Windows\System\xSUxRdf.exe
  C:\Windows\System\xSUxRdf.exe
  2⤵
  PID:7768
- C:\Windows\System\SweEtMX.exe
  C:\Windows\System\SweEtMX.exe
  2⤵
  PID:8208
- C:\Windows\System\ALhxVfN.exe
  C:\Windows\System\ALhxVfN.exe
  2⤵
  PID:8228
- C:\Windows\System\HvLBLGQ.exe
  C:\Windows\System\HvLBLGQ.exe
  2⤵
  PID:8308
- C:\Windows\System\NETiqcR.exe
  C:\Windows\System\NETiqcR.exe
  2⤵
  PID:8328
- C:\Windows\System\RciARYq.exe
  C:\Windows\System\RciARYq.exe
  2⤵
  PID:8344
- C:\Windows\System\MhcgWGo.exe
  C:\Windows\System\MhcgWGo.exe
  2⤵
  PID:8360
- C:\Windows\System\kDruHwx.exe
  C:\Windows\System\kDruHwx.exe
  2⤵
  PID:8376
- C:\Windows\System\RgQPfNs.exe
  C:\Windows\System\RgQPfNs.exe
  2⤵
  PID:8392
- C:\Windows\System\otvgolo.exe
  C:\Windows\System\otvgolo.exe
  2⤵
  PID:8416
- C:\Windows\System\ODyDhpe.exe
  C:\Windows\System\ODyDhpe.exe
  2⤵
  PID:8432
- C:\Windows\System\pFZwazE.exe
  C:\Windows\System\pFZwazE.exe
  2⤵
  PID:8452
- C:\Windows\System\KVnXyBl.exe
  C:\Windows\System\KVnXyBl.exe
  2⤵
  PID:8480
- C:\Windows\System\LCPmGAh.exe
  C:\Windows\System\LCPmGAh.exe
  2⤵
  PID:8496
- C:\Windows\System\uDjQzDl.exe
  C:\Windows\System\uDjQzDl.exe
  2⤵
  PID:8512
- C:\Windows\System\gLlBfJs.exe
  C:\Windows\System\gLlBfJs.exe
  2⤵
  PID:8544
- C:\Windows\System\voExdRS.exe
  C:\Windows\System\voExdRS.exe
  2⤵
  PID:8576
- C:\Windows\System\wFawaoi.exe
  C:\Windows\System\wFawaoi.exe
  2⤵
  PID:8596
- C:\Windows\System\rOsgRHs.exe
  C:\Windows\System\rOsgRHs.exe
  2⤵
  PID:8612
- C:\Windows\System\tuspRdg.exe
  C:\Windows\System\tuspRdg.exe
  2⤵
  PID:8628
- C:\Windows\System\PTTyWkn.exe
  C:\Windows\System\PTTyWkn.exe
  2⤵
  PID:8648
- C:\Windows\System\WOUMetI.exe
  C:\Windows\System\WOUMetI.exe
  2⤵
  PID:8664
- C:\Windows\System\wgDoDEk.exe
  C:\Windows\System\wgDoDEk.exe
  2⤵
  PID:8692
- C:\Windows\System\krNfuyd.exe
  C:\Windows\System\krNfuyd.exe
  2⤵
  PID:8720
- C:\Windows\System\NSaLinC.exe
  C:\Windows\System\NSaLinC.exe
  2⤵
  PID:8740
- C:\Windows\System\sSIeLBR.exe
  C:\Windows\System\sSIeLBR.exe
  2⤵
  PID:8756
- C:\Windows\System\zmxUDEP.exe
  C:\Windows\System\zmxUDEP.exe
  2⤵
  PID:8776
- C:\Windows\System\XvyPXZX.exe
  C:\Windows\System\XvyPXZX.exe
  2⤵
  PID:8792
- C:\Windows\System\aeOzXkl.exe
  C:\Windows\System\aeOzXkl.exe
  2⤵
  PID:8808
- C:\Windows\System\nXYlkHk.exe
  C:\Windows\System\nXYlkHk.exe
  2⤵
  PID:8824
- C:\Windows\System\vVwChis.exe
  C:\Windows\System\vVwChis.exe
  2⤵
  PID:8840
- C:\Windows\System\ZMqEIcS.exe
  C:\Windows\System\ZMqEIcS.exe
  2⤵
  PID:8856
- C:\Windows\System\MQnNpnS.exe
  C:\Windows\System\MQnNpnS.exe
  2⤵
  PID:8872
- C:\Windows\System\oEhsHmc.exe
  C:\Windows\System\oEhsHmc.exe
  2⤵
  PID:8888
- C:\Windows\System\rXKFSJg.exe
  C:\Windows\System\rXKFSJg.exe
  2⤵
  PID:8904
- C:\Windows\System\yIvFwGm.exe
  C:\Windows\System\yIvFwGm.exe
  2⤵
  PID:8920
- C:\Windows\System\TfcKqEr.exe
  C:\Windows\System\TfcKqEr.exe
  2⤵
  PID:8936
- C:\Windows\System\vLkqfuT.exe
  C:\Windows\System\vLkqfuT.exe
  2⤵
  PID:8952
- C:\Windows\System\aXHHgdN.exe
  C:\Windows\System\aXHHgdN.exe
  2⤵
  PID:8968
- C:\Windows\System\MyVmaYR.exe
  C:\Windows\System\MyVmaYR.exe
  2⤵
  PID:8984
- C:\Windows\System\dYSqyTJ.exe
  C:\Windows\System\dYSqyTJ.exe
  2⤵
  PID:9000
- C:\Windows\System\eCjJGRo.exe
  C:\Windows\System\eCjJGRo.exe
  2⤵
  PID:9016
- C:\Windows\System\icuWZyU.exe
  C:\Windows\System\icuWZyU.exe
  2⤵
  PID:9032
- C:\Windows\System\uFrdnBG.exe
  C:\Windows\System\uFrdnBG.exe
  2⤵
  PID:9048
- C:\Windows\System\XQXQOtc.exe
  C:\Windows\System\XQXQOtc.exe
  2⤵
  PID:9064
- C:\Windows\System\CWwzVWZ.exe
  C:\Windows\System\CWwzVWZ.exe
  2⤵
  PID:9080
- C:\Windows\System\mlzXVig.exe
  C:\Windows\System\mlzXVig.exe
  2⤵
  PID:9096
- C:\Windows\System\FyhaYFD.exe
  C:\Windows\System\FyhaYFD.exe
  2⤵
  PID:9112
- C:\Windows\System\qaStfHr.exe
  C:\Windows\System\qaStfHr.exe
  2⤵
  PID:9128
- C:\Windows\System\UvPPgNS.exe
  C:\Windows\System\UvPPgNS.exe
  2⤵
  PID:9144
- C:\Windows\System\QZiDWwI.exe
  C:\Windows\System\QZiDWwI.exe
  2⤵
  PID:9160
- C:\Windows\System\apTxenG.exe
  C:\Windows\System\apTxenG.exe
  2⤵
  PID:9176
- C:\Windows\System\zCKjOpk.exe
  C:\Windows\System\zCKjOpk.exe
  2⤵
  PID:9196
- C:\Windows\System\yhqCYUO.exe
  C:\Windows\System\yhqCYUO.exe
  2⤵
  PID:9212
- C:\Windows\System\iQgboKG.exe
  C:\Windows\System\iQgboKG.exe
  2⤵
  PID:8048
- C:\Windows\System\zxEWBvT.exe
  C:\Windows\System\zxEWBvT.exe
  2⤵
  PID:7452
- C:\Windows\System\pbfynTT.exe
  C:\Windows\System\pbfynTT.exe
  2⤵
  PID:8224
- C:\Windows\System\bexkBRL.exe
  C:\Windows\System\bexkBRL.exe
  2⤵
  PID:7704
- C:\Windows\System\jiQmKxw.exe
  C:\Windows\System\jiQmKxw.exe
  2⤵
  PID:8248
- C:\Windows\System\FZhwavi.exe
  C:\Windows\System\FZhwavi.exe
  2⤵
  PID:8276
- C:\Windows\System\GblccQw.exe
  C:\Windows\System\GblccQw.exe
  2⤵
  PID:8256
- C:\Windows\System\dTWJfyH.exe
  C:\Windows\System\dTWJfyH.exe
  2⤵
  PID:8284
- C:\Windows\System\IYFUrAU.exe
  C:\Windows\System\IYFUrAU.exe
  2⤵
  PID:8300
- C:\Windows\System\NhsgvDm.exe
  C:\Windows\System\NhsgvDm.exe
  2⤵
  PID:8356
- C:\Windows\System\LszjJwB.exe
  C:\Windows\System\LszjJwB.exe
  2⤵
  PID:8384
- C:\Windows\System\NLkWXRB.exe
  C:\Windows\System\NLkWXRB.exe
  2⤵
  PID:8404
- C:\Windows\System\nJNoRwG.exe
  C:\Windows\System\nJNoRwG.exe
  2⤵
  PID:8428
- C:\Windows\System\DGejbML.exe
  C:\Windows\System\DGejbML.exe
  2⤵
  PID:8468
- C:\Windows\System\TgBGxgC.exe
  C:\Windows\System\TgBGxgC.exe
  2⤵
  PID:8488
- C:\Windows\System\ntlrsZQ.exe
  C:\Windows\System\ntlrsZQ.exe
  2⤵
  PID:8520
- C:\Windows\System\JzWoFIp.exe
  C:\Windows\System\JzWoFIp.exe
  2⤵
  PID:8532
- C:\Windows\System\wgbbrnG.exe
  C:\Windows\System\wgbbrnG.exe
  2⤵
  PID:8568
- C:\Windows\System\YhRyBLX.exe
  C:\Windows\System\YhRyBLX.exe
  2⤵
  PID:8604
- C:\Windows\System\hYWATRL.exe
  C:\Windows\System\hYWATRL.exe
  2⤵
  PID:8640
- C:\Windows\System\aswvHtd.exe
  C:\Windows\System\aswvHtd.exe
  2⤵
  PID:8688
- C:\Windows\System\NugEywc.exe
  C:\Windows\System\NugEywc.exe
  2⤵
  PID:8644
- C:\Windows\System\wXAxENi.exe
  C:\Windows\System\wXAxENi.exe
  2⤵
  PID:8680
- C:\Windows\System\yFXOgos.exe
  C:\Windows\System\yFXOgos.exe
  2⤵
  PID:8712
- C:\Windows\System\lCWJrHk.exe
  C:\Windows\System\lCWJrHk.exe
  2⤵
  PID:8732
- C:\Windows\System\ZGqCuAn.exe
  C:\Windows\System\ZGqCuAn.exe
  2⤵
  PID:8848
- C:\Windows\System\QTjQrSw.exe
  C:\Windows\System\QTjQrSw.exe
  2⤵
  PID:8752
- C:\Windows\System\uJDQLNI.exe
  C:\Windows\System\uJDQLNI.exe
  2⤵
  PID:8944
- C:\Windows\System\sXcfPRB.exe
  C:\Windows\System\sXcfPRB.exe
  2⤵
  PID:9040
- C:\Windows\System\HbHQMvw.exe
  C:\Windows\System\HbHQMvw.exe
  2⤵
  PID:9044
- C:\Windows\System\WIPzmYb.exe
  C:\Windows\System\WIPzmYb.exe
  2⤵
  PID:9108
- C:\Windows\System\xRtajjB.exe
  C:\Windows\System\xRtajjB.exe
  2⤵
  PID:9140
- C:\Windows\System\MwliKLV.exe
  C:\Windows\System\MwliKLV.exe
  2⤵
  PID:8800
- C:\Windows\System\rByUysr.exe
  C:\Windows\System\rByUysr.exe
  2⤵
  PID:8896
- C:\Windows\System\NyCVijF.exe
  C:\Windows\System\NyCVijF.exe
  2⤵
  PID:8960
- C:\Windows\System\euRuvPH.exe
  C:\Windows\System\euRuvPH.exe
  2⤵
  PID:7780
- C:\Windows\System\anjVpGu.exe
  C:\Windows\System\anjVpGu.exe
  2⤵
  PID:8264
- C:\Windows\System\beFVmbv.exe
  C:\Windows\System\beFVmbv.exe
  2⤵
  PID:9028
- C:\Windows\System\pbcIBRk.exe
  C:\Windows\System\pbcIBRk.exe
  2⤵
  PID:9092
- C:\Windows\System\SPtOKDx.exe
  C:\Windows\System\SPtOKDx.exe
  2⤵
  PID:9156
- C:\Windows\System\eIwziwQ.exe
  C:\Windows\System\eIwziwQ.exe
  2⤵
  PID:8108
- C:\Windows\System\CVRPgvH.exe
  C:\Windows\System\CVRPgvH.exe
  2⤵
  PID:8220
- C:\Windows\System\WpgudZS.exe
  C:\Windows\System\WpgudZS.exe
  2⤵
  PID:8244
- C:\Windows\System\tErUwBs.exe
  C:\Windows\System\tErUwBs.exe
  2⤵
  PID:8352
- C:\Windows\System\kqehlvy.exe
  C:\Windows\System\kqehlvy.exe
  2⤵
  PID:8268
- C:\Windows\System\YRPFAuj.exe
  C:\Windows\System\YRPFAuj.exe
  2⤵
  PID:8508
- C:\Windows\System\QaxVClM.exe
  C:\Windows\System\QaxVClM.exe
  2⤵
  PID:8372
- C:\Windows\System\AmhAjCY.exe
  C:\Windows\System\AmhAjCY.exe
  2⤵
  PID:8296
- C:\Windows\System\nUkXBrp.exe
  C:\Windows\System\nUkXBrp.exe
  2⤵
  PID:8588
- C:\Windows\System\taQvcIT.exe
  C:\Windows\System\taQvcIT.exe
  2⤵
  PID:8912
- C:\Windows\System\dVHCzmi.exe
  C:\Windows\System\dVHCzmi.exe
  2⤵
  PID:9168
- C:\Windows\System\zYYEChz.exe
  C:\Windows\System\zYYEChz.exe
  2⤵
  PID:8836
- C:\Windows\System\tyBkQRt.exe
  C:\Windows\System\tyBkQRt.exe
  2⤵
  PID:8772
- C:\Windows\System\PNYcYCd.exe
  C:\Windows\System\PNYcYCd.exe
  2⤵
  PID:8324
- C:\Windows\System\PGQfLzX.exe
  C:\Windows\System\PGQfLzX.exe
  2⤵
  PID:8368
- C:\Windows\System\mWjXlbS.exe
  C:\Windows\System\mWjXlbS.exe
  2⤵
  PID:8408
- C:\Windows\System\khydpVg.exe
  C:\Windows\System\khydpVg.exe
  2⤵
  PID:8820
- C:\Windows\System\UvYWjys.exe
  C:\Windows\System\UvYWjys.exe
  2⤵
  PID:8788
- C:\Windows\System\KGLaWPE.exe
  C:\Windows\System\KGLaWPE.exe
  2⤵
  PID:9024
- C:\Windows\System\wodBIVd.exe
  C:\Windows\System\wodBIVd.exe
  2⤵
  PID:8560
- C:\Windows\System\LiFLXwF.exe
  C:\Windows\System\LiFLXwF.exe
  2⤵
  PID:8656
- C:\Windows\System\LfLytTP.exe
  C:\Windows\System\LfLytTP.exe
  2⤵
  PID:8980
- C:\Windows\System\pJRHowI.exe
  C:\Windows\System\pJRHowI.exe
  2⤵
  PID:9060
- C:\Windows\System\kaQfxxJ.exe
  C:\Windows\System\kaQfxxJ.exe
  2⤵
  PID:8280
- C:\Windows\System\fvwthpH.exe
  C:\Windows\System\fvwthpH.exe
  2⤵
  PID:9152
- C:\Windows\System\gOJRguu.exe
  C:\Windows\System\gOJRguu.exe
  2⤵
  PID:8564
- C:\Windows\System\GqalOwq.exe
  C:\Windows\System\GqalOwq.exe
  2⤵
  PID:9076
- C:\Windows\System\qqlQaMx.exe
  C:\Windows\System\qqlQaMx.exe
  2⤵
  PID:9232
- C:\Windows\System\FRnJozZ.exe
  C:\Windows\System\FRnJozZ.exe
  2⤵
  PID:9252
- C:\Windows\System\lDrmLBi.exe
  C:\Windows\System\lDrmLBi.exe
  2⤵
  PID:9272
- C:\Windows\System\PKIHiTd.exe
  C:\Windows\System\PKIHiTd.exe
  2⤵
  PID:9288
- C:\Windows\System\tnfHkrZ.exe
  C:\Windows\System\tnfHkrZ.exe
  2⤵
  PID:9304
- C:\Windows\System\tLKePYC.exe
  C:\Windows\System\tLKePYC.exe
  2⤵
  PID:9320
- C:\Windows\System\ZklGfFa.exe
  C:\Windows\System\ZklGfFa.exe
  2⤵
  PID:9336
- C:\Windows\System\knivtpx.exe
  C:\Windows\System\knivtpx.exe
  2⤵
  PID:9356
- C:\Windows\System\sEvskmP.exe
  C:\Windows\System\sEvskmP.exe
  2⤵
  PID:9376
- C:\Windows\System\JwFpiGI.exe
  C:\Windows\System\JwFpiGI.exe
  2⤵
  PID:9392
- C:\Windows\System\DkbnOOK.exe
  C:\Windows\System\DkbnOOK.exe
  2⤵
  PID:9412
- C:\Windows\System\hqkaeRj.exe
  C:\Windows\System\hqkaeRj.exe
  2⤵
  PID:9448
- C:\Windows\System\cungMsk.exe
  C:\Windows\System\cungMsk.exe
  2⤵
  PID:9472
- C:\Windows\System\zidPTOO.exe
  C:\Windows\System\zidPTOO.exe
  2⤵
  PID:9516
- C:\Windows\System\CZqsMYE.exe
  C:\Windows\System\CZqsMYE.exe
  2⤵
  PID:9548
- C:\Windows\System\ZZtuYoY.exe
  C:\Windows\System\ZZtuYoY.exe
  2⤵
  PID:9584
- C:\Windows\System\TWuWwkm.exe
  C:\Windows\System\TWuWwkm.exe
  2⤵
  PID:9612
- C:\Windows\System\FYloTLA.exe
  C:\Windows\System\FYloTLA.exe
  2⤵
  PID:9632
- C:\Windows\System\HxAGwNG.exe
  C:\Windows\System\HxAGwNG.exe
  2⤵
  PID:9648
- C:\Windows\System\HLbKkAi.exe
  C:\Windows\System\HLbKkAi.exe
  2⤵
  PID:9672
- C:\Windows\System\nkKzXXy.exe
  C:\Windows\System\nkKzXXy.exe
  2⤵
  PID:9700
- C:\Windows\System\FbaVmTl.exe
  C:\Windows\System\FbaVmTl.exe
  2⤵
  PID:9716
- C:\Windows\System\PxafFoX.exe
  C:\Windows\System\PxafFoX.exe
  2⤵
  PID:9740
- C:\Windows\System\jNmMmCk.exe
  C:\Windows\System\jNmMmCk.exe
  2⤵
  PID:9756
- C:\Windows\System\Dfabeba.exe
  C:\Windows\System\Dfabeba.exe
  2⤵
  PID:9772
- C:\Windows\System\AdCjmJe.exe
  C:\Windows\System\AdCjmJe.exe
  2⤵
  PID:9792
- C:\Windows\System\yaLjKVj.exe
  C:\Windows\System\yaLjKVj.exe
  2⤵
  PID:9808
- C:\Windows\System\FDhbBDn.exe
  C:\Windows\System\FDhbBDn.exe
  2⤵
  PID:9832
- C:\Windows\System\rURZsCL.exe
  C:\Windows\System\rURZsCL.exe
  2⤵
  PID:9848
- C:\Windows\System\ZKZUsev.exe
  C:\Windows\System\ZKZUsev.exe
  2⤵
  PID:9864
- C:\Windows\System\dSGjzRb.exe
  C:\Windows\System\dSGjzRb.exe
  2⤵
  PID:9880
- C:\Windows\System\UZhMDtx.exe
  C:\Windows\System\UZhMDtx.exe
  2⤵
  PID:9900
- C:\Windows\System\hBXyaSh.exe
  C:\Windows\System\hBXyaSh.exe
  2⤵
  PID:9920
- C:\Windows\System\DTwmEjS.exe
  C:\Windows\System\DTwmEjS.exe
  2⤵
  PID:9940
- C:\Windows\System\AUObUpb.exe
  C:\Windows\System\AUObUpb.exe
  2⤵
  PID:9956
- C:\Windows\System\wzUFqWm.exe
  C:\Windows\System\wzUFqWm.exe
  2⤵
  PID:9980
- C:\Windows\System\jXJEhtU.exe
  C:\Windows\System\jXJEhtU.exe
  2⤵
  PID:10000
- C:\Windows\System\SIyOxLM.exe
  C:\Windows\System\SIyOxLM.exe
  2⤵
  PID:10016
- C:\Windows\System\uePAlch.exe
  C:\Windows\System\uePAlch.exe
  2⤵
  PID:10040
- C:\Windows\System\CtxsNNA.exe
  C:\Windows\System\CtxsNNA.exe
  2⤵
  PID:10056
- C:\Windows\System\XuXbcpX.exe
  C:\Windows\System\XuXbcpX.exe
  2⤵
  PID:10076
- C:\Windows\System\zkSjEud.exe
  C:\Windows\System\zkSjEud.exe
  2⤵
  PID:10092
- C:\Windows\System\DnNzPCU.exe
  C:\Windows\System\DnNzPCU.exe
  2⤵
  PID:10112
- C:\Windows\System\nonclll.exe
  C:\Windows\System\nonclll.exe
  2⤵
  PID:10128
- C:\Windows\System\xhdbzwT.exe
  C:\Windows\System\xhdbzwT.exe
  2⤵
  PID:10144
- C:\Windows\System\lbKdcli.exe
  C:\Windows\System\lbKdcli.exe
  2⤵
  PID:10164
- C:\Windows\System\ZPbhzua.exe
  C:\Windows\System\ZPbhzua.exe
  2⤵
  PID:10208
- C:\Windows\System\EunaYgj.exe
  C:\Windows\System\EunaYgj.exe
  2⤵
  PID:10224
- C:\Windows\System\dFnWtsF.exe
  C:\Windows\System\dFnWtsF.exe
  2⤵
  PID:9124
- C:\Windows\System\XRkkUqL.exe
  C:\Windows\System\XRkkUqL.exe
  2⤵
  PID:8932
- C:\Windows\System\JbUKnbQ.exe
  C:\Windows\System\JbUKnbQ.exe
  2⤵
  PID:8768
- C:\Windows\System\gogxTgZ.exe
  C:\Windows\System\gogxTgZ.exe
  2⤵
  PID:9188
- C:\Windows\System\VRrVCDk.exe
  C:\Windows\System\VRrVCDk.exe
  2⤵
  PID:9008
- C:\Windows\System\CXrjHnE.exe
  C:\Windows\System\CXrjHnE.exe
  2⤵
  PID:9260
- C:\Windows\System\iAeyXCX.exe
  C:\Windows\System\iAeyXCX.exe
  2⤵
  PID:9240
- C:\Windows\System\FbUclmX.exe
  C:\Windows\System\FbUclmX.exe
  2⤵
  PID:7660
- C:\Windows\System\gDFazMB.exe
  C:\Windows\System\gDFazMB.exe
  2⤵
  PID:9368
- C:\Windows\System\ULgXgNA.exe
  C:\Windows\System\ULgXgNA.exe
  2⤵
  PID:9404
- C:\Windows\System\gvECKUo.exe
  C:\Windows\System\gvECKUo.exe
  2⤵
  PID:9432
- C:\Windows\System\lgOGsgA.exe
  C:\Windows\System\lgOGsgA.exe
  2⤵
  PID:9460
- C:\Windows\System\tDqwDEC.exe
  C:\Windows\System\tDqwDEC.exe
  2⤵
  PID:9428
- C:\Windows\System\UIXOwMZ.exe
  C:\Windows\System\UIXOwMZ.exe
  2⤵
  PID:9512
- C:\Windows\System\nMpcHkP.exe
  C:\Windows\System\nMpcHkP.exe
  2⤵
  PID:9540
- C:\Windows\System\umpldbj.exe
  C:\Windows\System\umpldbj.exe
  2⤵
  PID:9568
- C:\Windows\System\xjbrPaW.exe
  C:\Windows\System\xjbrPaW.exe
  2⤵
  PID:9572
- C:\Windows\System\hHuxbno.exe
  C:\Windows\System\hHuxbno.exe
  2⤵
  PID:9580
- C:\Windows\System\OYeruPd.exe
  C:\Windows\System\OYeruPd.exe
  2⤵
  PID:9680
- C:\Windows\System\EqBtarp.exe
  C:\Windows\System\EqBtarp.exe
  2⤵
  PID:9748
- C:\Windows\System\vDnmSGY.exe
  C:\Windows\System\vDnmSGY.exe
  2⤵
  PID:9840
- C:\Windows\System\gFUfeow.exe
  C:\Windows\System\gFUfeow.exe
  2⤵
  PID:9820
- C:\Windows\System\sndlIxP.exe
  C:\Windows\System\sndlIxP.exe
  2⤵
  PID:9860
- C:\Windows\System\zRBDxwC.exe
  C:\Windows\System\zRBDxwC.exe
  2⤵
  PID:9912
- C:\Windows\System\MfYhIsQ.exe
  C:\Windows\System\MfYhIsQ.exe
  2⤵
  PID:9896
- C:\Windows\System\OCdTfPs.exe
  C:\Windows\System\OCdTfPs.exe
  2⤵
  PID:9948
- C:\Windows\System\UEFfwtN.exe
  C:\Windows\System\UEFfwtN.exe
  2⤵
  PID:9964
- C:\Windows\System\brBYiqP.exe
  C:\Windows\System\brBYiqP.exe
  2⤵
  PID:9976
- C:\Windows\System\XnNVRCh.exe
  C:\Windows\System\XnNVRCh.exe
  2⤵
  PID:10036
- C:\Windows\System\JEypIwK.exe
  C:\Windows\System\JEypIwK.exe
  2⤵
  PID:10072
- C:\Windows\System\vShvaXU.exe
  C:\Windows\System\vShvaXU.exe
  2⤵
  PID:10136
- C:\Windows\System\lGxbvGr.exe
  C:\Windows\System\lGxbvGr.exe
  2⤵
  PID:10184
- C:\Windows\System\CGgMskZ.exe
  C:\Windows\System\CGgMskZ.exe
  2⤵
  PID:8636
- C:\Windows\System\mlSDvjm.exe
  C:\Windows\System\mlSDvjm.exe
  2⤵
  PID:8424
- C:\Windows\System\FWasFGN.exe
  C:\Windows\System\FWasFGN.exe
  2⤵
  PID:10084
- C:\Windows\System\LtrtrHS.exe
  C:\Windows\System\LtrtrHS.exe
  2⤵
  PID:10152
- C:\Windows\System\DcJNrkg.exe
  C:\Windows\System\DcJNrkg.exe
  2⤵
  PID:9316
- C:\Windows\System\OSQQXHn.exe
  C:\Windows\System\OSQQXHn.exe
  2⤵
  PID:9280
- C:\Windows\System\NsCzCTB.exe
  C:\Windows\System\NsCzCTB.exe
  2⤵
  PID:9268
- C:\Windows\System\lYlomTO.exe
  C:\Windows\System\lYlomTO.exe
  2⤵
  PID:9088
- C:\Windows\System\OAaOAUD.exe
  C:\Windows\System\OAaOAUD.exe
  2⤵
  PID:1004
- C:\Windows\System\GilMxnB.exe
  C:\Windows\System\GilMxnB.exe
  2⤵
  PID:9388
- C:\Windows\System\FLtIuHx.exe
  C:\Windows\System\FLtIuHx.exe
  2⤵
  PID:9596
- C:\Windows\System\JcoabHO.exe
  C:\Windows\System\JcoabHO.exe
  2⤵
  PID:9644
- C:\Windows\System\PLZViED.exe
  C:\Windows\System\PLZViED.exe
  2⤵
  PID:9688
- C:\Windows\System\vuitQlY.exe
  C:\Windows\System\vuitQlY.exe
  2⤵
  PID:9724
- C:\Windows\System\ukuLhHV.exe
  C:\Windows\System\ukuLhHV.exe
  2⤵
  PID:9804
- C:\Windows\System\tpLQgBr.exe
  C:\Windows\System\tpLQgBr.exe
  2⤵
  PID:9888
- C:\Windows\System\thcMUdK.exe
  C:\Windows\System\thcMUdK.exe
  2⤵
  PID:10032
- C:\Windows\System\fElonOQ.exe
  C:\Windows\System\fElonOQ.exe
  2⤵
  PID:9736
- C:\Windows\System\tTQjwLa.exe
  C:\Windows\System\tTQjwLa.exe
  2⤵
  PID:9992
- C:\Windows\System\nEaUGEA.exe
  C:\Windows\System\nEaUGEA.exe
  2⤵
  PID:9816
- C:\Windows\System\XslvBKw.exe
  C:\Windows\System\XslvBKw.exe
  2⤵
  PID:10196
- C:\Windows\System\reNtnRv.exe
  C:\Windows\System\reNtnRv.exe
  2⤵
  PID:8444
- C:\Windows\System\YbdVKzh.exe
  C:\Windows\System\YbdVKzh.exe
  2⤵
  PID:9228
- C:\Windows\System\AuJgZLQ.exe
  C:\Windows\System\AuJgZLQ.exe
  2⤵
  PID:9284
- C:\Windows\System\pWpdzgG.exe
  C:\Windows\System\pWpdzgG.exe
  2⤵
  PID:9328
- C:\Windows\System\RuRpLQp.exe
  C:\Windows\System\RuRpLQp.exe
  2⤵
  PID:9504
- C:\Windows\System\PcAsgex.exe
  C:\Windows\System\PcAsgex.exe
  2⤵
  PID:9592
- C:\Windows\System\yUyhmSt.exe
  C:\Windows\System\yUyhmSt.exe
  2⤵
  PID:9908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\Cnetfah.exe

Filesize
6.0MB

MD5
90957d892219b49f465b33cb78dcf496

SHA1
7e45510c96efad886669f0c0ee2cc77dddcef524

SHA256
593b99bd0167f31fefc575987dc8ede82f41437651e03b76a2d2d2399b2dcb54

SHA512
1ea6f3cae0039408db91bfd38875f473224f5a20bceb3bf2432f52e34f00aebd65a5f317c240ca10034e3ac058915224db1f8824e059d7159c575a16e48e2365

Download Submit
C:\Windows\system\CqBbXDR.exe

Filesize
6.0MB

MD5
2b7c4577e87d697f007216dcb9869594

SHA1
16b97c62863ef94634b45638878a97065287029d

SHA256
23a1c9ab254d1f77936676e60fc5f3810bc52a6b679943258f6f9d296e26cfce

SHA512
fd962ca53281790a60c6d7ec9a71c18ac9cb90566a5ec4c5801685c19fbde360b16389e468e9bc8d938738a6e70a2626b03330f3f118536bfb2f48090093efef

Download Submit
C:\Windows\system\KLZqQQR.exe

Filesize
6.0MB

MD5
b12c689331ba65d35e3cd6b8fecb6335

SHA1
25de118e352d2a0a42cdaca0a80b637e6686cb2d

SHA256
3e4fea6ddd293ea937dd8443273327c0e8d9089b3137c136cc660a88501d6574

SHA512
3b1693c91bf21e07d4c3254b1851341619bbce2d8f71cf270e06f1244afa7edcb8f3920ca61065aecd14ff5a8b603547c9519d053ca6e037e140ea55465a4cd6

Download Submit
C:\Windows\system\LHpqdcq.exe

Filesize
6.0MB

MD5
753b3f9323723f1849081d640c4914b2

SHA1
af5993040c133ee2c96aa19a9cd3b17b6d295326

SHA256
a9183d063314f45a0616dafff417d0fccf839536b4215a4fa2b084b7e5928cfd

SHA512
7d72c1bed4e5394e0e5932f2237ea6b141e880c514e863f8daf5a7888a34776f7854c0e50e9bd179c5a464c4bbc879b41fcdcb961e28ff46087bcde08eb8fc61

Download Submit
C:\Windows\system\NPmipCK.exe

Filesize
6.0MB

MD5
6e0045b7edcd2fe2416c9e860255533f

SHA1
20f4f5363cf511b9536a132b24e442a8b2b194b2

SHA256
a0967bedd8b4e68ceba3cb252b5b27e351e986fa5069dd81a843947cf7efd0b9

SHA512
79b8cf7e38b819d1872048e1e449fab582ee1b5b60f89b07077dd4a0a49e47bd1cf8411012eaaf85ab1fff0f27d7f62cc0fd681b36a15c8d6e5650455efaa42b

Download Submit
C:\Windows\system\NYMoOeo.exe

Filesize
6.0MB

MD5
81c50023fa0d4fd8857bb2af5a3978da

SHA1
db0e1998dd64ee1f08c7cf686881b0fdf6f162d9

SHA256
1ed399aa8fa14ddccd24149ed32392f16bad382f1ec5ff73a4a2d2d77106ad1d

SHA512
27b55504c569834d3d5a8c4226ef8e22b51944e07b3636196dc0ec450d0abdda886ea903404de96c97049872cd5b87d2efd4fd82a45229978668fbde4b6365f0

Download Submit
C:\Windows\system\NgqEFhZ.exe

Filesize
6.0MB

MD5
c126a6fb33af419eec62eb9e9420e051

SHA1
d58fdf02334bce0e1de463ff2710c4cf51e252eb

SHA256
57ce72f237f2fb1ca4fb88696e44ac9afc9670cfaa4d622b5938c70bdbf3401c

SHA512
8b6708154139bb655b94e3f19555964f9ee4d54445187465c4a2ea1609a1c2e7e74beada3e792c62c0180ebe80a09af1501993a10dfac3e531a5372e72394aeb

Download Submit
C:\Windows\system\ODrhsFB.exe

Filesize
6.0MB

MD5
c544be512032f3cea64bdbf92c2ed735

SHA1
62baf8f36e28d60eaf57e1ea3f97f63deedd62e6

SHA256
fbd2b638d15c4148a1b6472ef89c68a035a4cbf48fb7c4ef5c95f19bc776aeba

SHA512
359eb739ef1217be043d90e5ceebd15a11a57fe865a02980a29dabffb988e183ccfa82b3ac41e62f504841f289fc237f889465937af17534808f555f098b40e8

Download Submit
C:\Windows\system\OdPmoQj.exe

Filesize
6.0MB

MD5
586a22e2cd605de327c146f75a1f59e0

SHA1
f5efd680370ad42300bf16b07452ac5601952631

SHA256
3fb888b8c4a68659925d463b76d5c4108ebdaac0758489b99ae34748511d4ec6

SHA512
47bba137fbd28f5e937dace3b9d80f9834177627d0b872a354d36d2d8a1382e4eb23c99527312014f66c120269e26381f9076c3b12faeb7834a0da03dc66a6f7

Download Submit
C:\Windows\system\TcSNSwe.exe

Filesize
6.0MB

MD5
4f80c17f8ccec08e558d3d7ddc1f4923

SHA1
6a205dfb2554f1ecd44d51e44ab2e101b752c8f5

SHA256
52cb4e4c2de5e1a4c6113530da6e3483ea0ddba5dd933d199df21e098d32a603

SHA512
5a68c4038ac2b993ce33383836cd9c7dd781fa3eee1f5309f84a18fd1bdd0f4c76ee51984cd7800d769b680547400aa2f44aa74309e2de23231cb84465b273ae

Download Submit
C:\Windows\system\VlobHAG.exe

Filesize
6.0MB

MD5
d0ecfa467842709cc68a8c978866083f

SHA1
8f0f013130b9c082dcdf7479212081334c31f826

SHA256
d066463c0b3fd31108a858e85f89d6cd2369985f60be0d2662f0f5b4cb907f85

SHA512
d17e760d27c20cab1f8626a141c53f003162c07124c836cc4d12ffc2449dd036b58fd35c0ae91fd2e83feab5bc867bef340446f10d0b38bd9fe7a243cab0e46e

Download Submit
C:\Windows\system\XmvdOUn.exe

Filesize
6.0MB

MD5
eb90ce6169673a5e9281ff1f7489f2ba

SHA1
26d6b540cef94831a1dfafa734715872c8a38cb7

SHA256
eee2dfb048a8efb3097d5796b8cbfceb4773a84678206da8c647eb0617e935bb

SHA512
a4bc93f183387d08d39c01cc0b06337e16260d6dc6c813dfe69860dd43537b5e489246eeba69b1fdf63524051c56ad118eab09618da046c8b0fb7b81a86db9e9

Download Submit
C:\Windows\system\ZjAmpUN.exe

Filesize
6.0MB

MD5
8247103c256ad932533f186dfad68dbe

SHA1
b73aba3f1498e2713ed5675eeacc8e787a3010a6

SHA256
a75885cbf44965e43713ac7860d9b8ae6d3de881658f05423225a116ba2a461f

SHA512
5d5c1f19afb74f64221d246075c5fb89258c84fc3034b387a60c9a193c484ad2ae8f9295c82b898241f5c527b16d47fac86f69e5f6e3f6205598e1a484e7fa9a

Download Submit
C:\Windows\system\bRESKcl.exe

Filesize
6.0MB

MD5
f01249a3c652b5ad9acca74e4f692063

SHA1
dd7a6253f46770fe101892e75dadff8b312927b3

SHA256
2b2a8cbf5bc1a27642ee2bd9af66fb8697fdf337a52a31d8133984b52f6fae14

SHA512
ce21a76d8f76191571bb844fb9b36266edbbabc082df1bf14ec64c8e43f9535542d88c8fbaf46c4c0348426ac52e7be359324568432f714272a29eaaa6fbedef

Download Submit
C:\Windows\system\dirNnDE.exe

Filesize
6.0MB

MD5
052485a57b6a27e5cecef59e66d177fb

SHA1
8124819da4056af0c3b6832bccdc7950b90ec7a9

SHA256
a35884bb74a12dcd670c3a465c8d37af096c9f3cbee9677351e194b655def800

SHA512
42beaa67fcddd94f1879470818575dc791caf88e5c16574fc8de45d12f0fddfd00c1f93c000aa76c8ae21898f180cf8cb6857a8df74df722ca44016795e0d2f1

Download Submit
C:\Windows\system\eveWMcH.exe

Filesize
6.0MB

MD5
5f74a29aafea1cb5de98aa2589788d02

SHA1
f19665ac8ad71b6040c00fb0c2b461fb7c18b052

SHA256
8402f1da652e136a6d1948b52475e9b2064584edbccef8e49967cc2ccc34feef

SHA512
0846c172f39cf7fd5b1493ae0336121075f31bd65dee95cac3fb03fad5af74e3a2e620e8b5b33313ef4cad1a4487cd43e6a08ff24e4916e6902ab2c2e24c631d

Download Submit
C:\Windows\system\fQvaaZk.exe

Filesize
6.0MB

MD5
6cc58b248bb3b3fe82b4548fe371ec02

SHA1
3cfd0e200ba69d25f5dd0443f5437ec1d3db9f71

SHA256
b00e5ca796bf1287926d875078af50ff44885214737f40909fe7ee3fb1b578dd

SHA512
62fd9d1e7b61c8e6113da3a136ad1bc5f0ee379b649a2569b3029a05948e578402e6eac2c99be5051fc507efa8c4d89b53e470f3e24b58004b02748c15894006

Download Submit
C:\Windows\system\gmjtisE.exe

Filesize
6.0MB

MD5
dc6b85636e0717fcb9076d789c548ecc

SHA1
62a42d06bda22d065a503c5c19265b46f730f5d3

SHA256
0e22ce5e92e9bf3f95c3a33ad9c1ecd5ec39433fdf78d5829017a62e6a73180f

SHA512
1eb0f26654c4076508619717b3f3867fc96165f71d89658599f0a3ec4b9ea2cec1ecb9300efa4333f826f4bdd7ef3343084790e6b0d5a1f948b2118d3f89fbfc

Download Submit
C:\Windows\system\iEnbLOs.exe

Filesize
6.0MB

MD5
5765492b2b8cb3a7e5cf048594c17752

SHA1
6f2f67fb00af30a0dc71b8c3ca7f133f0f88b1ff

SHA256
fe5b2bea5d465d6386151db4981ff1e2310b57c5f0de9439324f1199ff4b1d9c

SHA512
2aa15ad9b27bef4f41b2ba31f136c023f647a5da22b9176d10857aed834ef0b4cdd069c70304a8388b978c1e9ad3dd2965c273efb5695b889ff7858564795a3f

Download Submit
C:\Windows\system\kSIHmDT.exe

Filesize
6.0MB

MD5
b46bd0769b632eaa64b4f0defa838fe2

SHA1
22a20186a86af90e13638562b4fb5d7be66b7e91

SHA256
3106001a26c20408deb55771e4cb7f8271cdc2ce185d88be6630888bb65889f2

SHA512
8f38c8940999a766e7de6246974e647d6e9906e14433863dac45c512b810f522523edc2d2e0d172e52205147044de3fd19629c6fbcef9f972b0027933c8f9732

Download Submit
C:\Windows\system\lHLLjwY.exe

Filesize
6.0MB

MD5
9381650ee03e95badedd4cbc0e537b93

SHA1
7893c9fdf973d1cbf9b6a45b2c38b759e3440af9

SHA256
429a95e3557ede52c48f33455dcb89e4f8adf390df65bf74ff7cd6446af2fb3e

SHA512
a895bfbe89e29638f3ab850ce7b5f998d1fe639a9518077db1d56cd4826fd6aa63d48d7bd1eab9496203541d85c8bef2e52424b8b76484d23d36cb38f6f534e8

Download Submit
C:\Windows\system\lyKJhzH.exe

Filesize
6.0MB

MD5
b9b0e96daa3dfc596d074ef84c8dd07d

SHA1
eb4ff4af4296515296f324f0aac0febef9e4222f

SHA256
e3bbadada3127c286c5ac416aebf8891ae3c2b8939bfd714071e0bed9ffbde41

SHA512
1c7a4967d53d7358c8805d39dc80cca2e3bb195c9233bdb4260f12815d83fe8f8f954eb98a8dcb6057784b0e546f6958284af395556f3fbdfe185ae38c95760e

Download Submit
C:\Windows\system\nNyyDrx.exe

Filesize
6.0MB

MD5
25bdb50901a2a1d424b563efd9a384e7

SHA1
fd5c1e59da909fc41868cd02db8d503e18932e1a

SHA256
1bba884cde6fe076fdc7cde9c4e87075a0c615f351bf4b3c8029c858a523a18d

SHA512
bf4d89ff16c83dae68e3ccd05b40cc8e03f4796bdb3440581bea28e178510ae750af955428470bbac30fda396605d74c85266c8e1599a2047a1a39ee4975d0fb

Download Submit
C:\Windows\system\oeHIWiy.exe

Filesize
6.0MB

MD5
838fd67da8d8b50fdf4f50c4ce96ae00

SHA1
a05412f2b272afdf41a6656bf221547434e0c1e3

SHA256
62632a0a97a3737f381f0282cfd3bd72c8e55797154b215a41714eb300ea222d

SHA512
82594befcdbb30cd07035905e54dd43a8c7b5dffdf103644c87d3309a42dc2a3ccba4b26623ea1df99c93d667182410d334e15c88abab23f500c357bd167a0ae

Download Submit
C:\Windows\system\pkHIeSb.exe

Filesize
6.0MB

MD5
62cbcd8931e08d55183a07cc839ad0aa

SHA1
271530fe61222acacb59dd3a59f68600b8e9b91a

SHA256
6537e35926d11b45a2b36768817ef2d86184daa6d1b3d2d9e6b33fa38a34bc68

SHA512
a82bad81b0a222d8c7db4ebb20b14b198cc187cf5ef8f527f02e2c7c055b2e8edf8d7fd26380a575c77fd1ec620acaac5143d82d29893a02b1b4910f2d9ef06c

Download Submit
C:\Windows\system\qNklVYb.exe

Filesize
6.0MB

MD5
c9422b84c7c14a4a71fc85774ba7906e

SHA1
fe4458b4621e115db1cedb99bf9827a058c791c7

SHA256
633a80e0f19589b03d51f56bf7d45ef05c0d55405fb0f2d5d79f8ab725a628b2

SHA512
5db0ccc7520ea0bf535397f0a1fc21fe35867be49234113e2cf5b023aadce48271592b00cac87da25d546ead638e1f7132e5b193e962301e6e6356cb47f8d6ff

Download Submit
C:\Windows\system\tDCHwEA.exe

Filesize
6.0MB

MD5
33210f65c52b05ea06bb10d3dd0b2ad4

SHA1
d668c2dd4773bcbdf367e9c40cb5766e33280e29

SHA256
88d06ebb4819f8fca94944051a9cda86d46b752444796a8c6df18b14dbcbba70

SHA512
f0f175515267aab99f9db9bb8108bf91ca167a23d3f1639bbca8a9245fdc786b4d8548eacda3a762279fe58786b2342f7276ef6883ab2fa7e1c22a6f3cf53500

Download Submit
C:\Windows\system\uIIERfW.exe

Filesize
6.0MB

MD5
4319de7935e836b32523ad4852ad4491

SHA1
df1291f6409535c469e23c4fff0ae317cddf0aea

SHA256
e5b7e53523ea176a16e895744c40f6bed7a6f8ce1c799e8554dc78573d45f3a8

SHA512
f075bb3050cc025b4231e72acb49aa3ac7d64915ba60b0d402728a944b03156e6a3bc1c9ef57d41dd6ee5fa82bc8f83cf4dd2d767a9f098c8033431f43f5603a

Download Submit
C:\Windows\system\yprPOaW.exe

Filesize
6.0MB

MD5
4e370f102fecc1a9171a7d64cbb7799b

SHA1
3056c52649d25142b37ca6a25c56aa2e62577155

SHA256
fb49bdb55f90dfd7124fb797d74960c907e6449caf8d27dd7ce52d786cf5cc5f

SHA512
6ae95a007b91f3d84d10471baca5317353e9cb08bdd5d024c3d4e7083afcc43fda288481eba2b65a7d794784f6635925a7d39d60f74fd22bf8b4a93f9e4d0d51

Download Submit
C:\Windows\system\zGAYMEW.exe

Filesize
6.0MB

MD5
92c417df3bc20a8618481c70183ec48e

SHA1
0706077a97e9ca12e4ac0ba4337e3eddaa79dfaa

SHA256
944990f8731ddc8621a7ce72332fc896c18a498e812e3a7ccc08a00fee488807

SHA512
56001c13c39a762a451eb6821091b90b9950f587ad6a9c3d10da6640c0f810aae3a5f8ad77df53c7574eb4c81b105001c6daaa274177c94175a03df2395240d6

Download Submit
\Windows\system\AMtlyVH.exe

Filesize
6.0MB

MD5
0229541209f68a44aa8201dac5b5262c

SHA1
cc001c5586c97716431ce806f3368f9d5160c4e7

SHA256
13fb8e3ad50deca0b2bacd613f3de8781dc8c188b3690e2534c65d59a51ff58e

SHA512
19fafc5091da046d6183520f03d7c0052426ea135ca93b4fcb9bca8290d200e63151a01aad15eef50520850c09887011283302b5f7c493395be2634dd540ac02

Download Submit
\Windows\system\XNJgWje.exe

Filesize
6.0MB

MD5
8b278ebf3a29d36563080c10668f7789

SHA1
a676c376ab33170a6c66f5c7cba34a9390ae94b6

SHA256
2fa78b94afd3589734b44525561932a0a5784068adc403a5f3dbf92d38f0b542

SHA512
605ae08b2c1d0e8d10890116a15894a9a433f4c77d2e4bcaeb45f4abb7d193573e220db7c26f1e7010458bc584a45648c0496a6bf3df66d1172dd8c31e3ca406

Download Submit
memory/792-3818-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/792-2162-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-2300-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3850-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2252-2372-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2252-3841-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3794-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-2374-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-3803-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2360-1981-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2880-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-3001-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2306-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2373-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2871-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2364-0-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2976-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2971-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-3002-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2375-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2364-3000-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2364-1943-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2364-2172-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2039-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-3790-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2034-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download